Merge pull request #250 from WPManageNinja/dev-heera
Re-factored unserialization.
heera authored Nov 16, 2024
2 parents 1d5448d + 889e27b commit 71eaf4b
Showing 1 changed file with 34 additions and 3 deletions.
37 changes: 34 additions & 3 deletions app/Models/Logger.php
Expand Up @@ -3,6 +3,7 @@
namespace FluentMail\App\Models;

use Exception;
use InvalidArgumentException;
use FluentMail\Includes\Support\Arr;

class Logger extends Model
Expand Down Expand Up @@ -157,21 +158,51 @@ protected function buildWhere($data)
protected function formatResult($result)
{
$result = is_array($result) ? $result : func_get_args();

foreach ($result as $key => $row) {
$result[$key] = array_map([$this, 'unserialize'], (array) $row);
$result[$key] = $this->maybeUnserialize((array)$row);
$result[$key]['id'] = (int)$result[$key]['id'];
$result[$key]['retries'] = (int)$result[$key]['retries'];
$result[$key]['from'] = htmlspecialchars($result[$key]['from']);
$result[$key]['subject'] = wp_kses_post(wp_unslash($result[$key]['subject']));
$result[$key]['subject'] = wp_kses_post(
wp_unslash($result[$key]['subject'])
);
}

return $result;
}

protected function maybeUnserialize(array $data)
{
foreach ($data as $key => $value) {
if ($this->isUnserializable($key)) {
$data[$key] = $this->unserialize($value);
}
}

return $data;
}

protected function isUnserializable($key)
{
$allowedFields = [
'to',
'headers',
'attachments',
'response',
'extra'
];

return in_array($key, $allowedFields);
}

protected function unserialize($data)
{
if (is_serialized($data)) {
if (preg_match('/(^|;)O:[0-9]+:/', $data)) {
throw new InvalidArgumentException(
"Unsafe serialized data detected!"
);
}
return unserialize(trim($data), ['allow_classes' => false]);
}
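Review bot: The `InvalidArgumentException` thrown in `unserialize()` is not caught anywhere on the visible path (`formatResult()` → `maybeUnserialize()`), so a single stored row whose `to`, `headers`, `attachments`, `response` or `extra` value matches `/(^|;)O:[0-9]+:/` would abort formatting of the whole result set; whether a caller outside this hunk catches it cannot be seen here. The pattern is also tested against the untrimmed `$data` while the parser receives `trim($data)`, so the `^` branch does not line up with what is actually parsed, and it does not cover the `C:` object form; `['allow_classes' => false]` remains the control that really prevents object instantiation. I would run the check on the trimmed string and degrade per field in `maybeUnserialize()`, e.g. `try { $data[$key] = $this->unserialize($value); } catch (InvalidArgumentException $e) { $data[$key] = null; }`, and pass `true` as the third argument of `in_array()` in `isUnserializable()`. The body of `unserialize()` continues past the end of the hunk.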
