Created
June 18, 2018 13:30
<?php | |
/**
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
namespace Magento\Framework\Serialize\Serializer; | |
use Magento\Framework\Serialize\SerializerInterface; | |
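/**
 * Serializer backed by PHP's native serialize()/unserialize(), with a length-repair fallback.
 *
 * Less secure than Json implementation, but gives higher performance on big arrays. Does not unserialize objects.
 * Using this implementation is discouraged as it may lead to security vulnerabilities.
 *
 * SECURITY NOTE (review): unserialize() below may rewrite the `s:<len>:"...";` length prefixes of a
 * payload that fails to decode. The repair derives string boundaries from the payload's own content:
 * the pattern stops at the first `";`, so a string value containing that sequence is shortened and the
 * bytes after it are parsed as serialized structure. Treat this as a recovery aid for data the
 * application itself stored; anything a user can influence should go through the Json serializer.
 */
class Serialize implements SerializerInterface
{
    /**
     * {@inheritDoc}
     *
     * @param mixed $data Value to encode with PHP's native serialize().
     * @return string
     * @throws \InvalidArgumentException When $data is a resource.
     */
    public function serialize($data)
    {
        if (is_resource($data)) {
            throw new \InvalidArgumentException('Unable to serialize value.');
        }

        return serialize($data);
    }

    /**
     * {@inheritDoc}
     *
     * Decodes the payload as given first. Only when that fails are the string length prefixes
     * recomputed and the decode retried, so a well-formed payload is never re-framed.
     *
     * @param string $string Serialized payload.
     * @return mixed Decoded value. Class instantiation is disabled, so serialized objects come back
     *               as __PHP_Incomplete_Class instances.
     * @throws \InvalidArgumentException When the payload is empty, cannot be repaired, or is corrupted.
     */
    public function unserialize($string)
    {
        // Reject empty input before any processing, so false/null never reach the PCRE or decode calls.
        if (false === $string || null === $string || '' === $string) {
            throw new \InvalidArgumentException('Unable to unserialize value.');
        }

        try {
            return $this->decode($string);
        } catch (\InvalidArgumentException $corrupted) {
            // Fall through to the length-repair attempt below.
        }

        // Recompute every string length prefix from the bytes actually present between the quotes.
        // strlen() is intentional: the serialized format counts bytes, not characters.
        // See the class-level SECURITY NOTE for why this must not be relied on for untrusted input.
        $repaired = preg_replace_callback(
            '/s:([0-9]+):\"(.*?)\";/',
            static function ($matches) {
                return 's:' . strlen($matches[2]) . ':"' . $matches[2] . '";';
            },
            $string
        );

        // preg_replace_callback() returns null on a PCRE failure (e.g. backtrack limit reached).
        if (null === $repaired) {
            throw new \InvalidArgumentException('Unable to unserialize value.');
        }

        return $this->decode($repaired);
    }

    /**
     * Runs unserialize() with class instantiation disabled and turns decode diagnostics into exceptions.
     *
     * @param string $payload Serialized payload.
     * @return mixed
     * @throws \InvalidArgumentException When unserialize() raises a notice or warning.
     */
    private function decode($payload)
    {
        // E_WARNING is included because PHP 8.3 reports unserialize() failures (and trailing data)
        // as warnings rather than notices; with E_NOTICE alone a corrupted payload would return false.
        set_error_handler(
            static function () {
                throw new \InvalidArgumentException('Unable to unserialize value, string is corrupted.');
            },
            E_NOTICE | E_WARNING
        );

        try {
            return unserialize($payload, ['allowed_classes' => false]);
        } finally {
            // Always pop the temporary handler, whichever way unserialize() exits.
            restore_error_handler();
        }
    }
}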