Import from DCARF SVN

2024-04-02 12:12:16 +00:00 · 2008-10-15 22:36:05 +00:00
parent 4f0b4f0bbb
commit 1445da495b
2237 changed files with 714445 additions and 0 deletions
--- a/include/pear/HTML/AJAX/Serializer/PHP.php
+++ b/include/pear/HTML/AJAX/Serializer/PHP.php
@@ -0,0 +1,88 @@
+<?php
+// $Id$
+/**
+ * PHP Serializer
+ *
+ * @category   HTML
+ * @package    AJAX
+ * @author     Arpad Ray <arpad@php.net>
+ * @copyright  2005 Arpad Ray
+ * @license    http://www.opensource.org/licenses/lgpl-license.php  LGPL
+ * @version    Release: 0.5.2
+ * @link       http://pear.php.net/package/HTML_AJAX
+ */
+class HTML_AJAX_Serializer_PHP 
+{    
+    function serialize($input) 
+    {
+        return serialize($input);
+    }
+
+    /**
+     * Unserializes the given string
+     *
+     * Triggers an error if a class is found which is not
+     * in the provided array of allowed class names.
+     *
+     * @param   string  $input
+     *  the serialized string to process
+     * @param   array   $allowedClasses
+     *  an array of class names to check objects against
+     *  before instantion
+     * @return  mixed
+     *  the unserialized variable on success, or false on
+     *  failure. If this method fails it will also trigger
+     *  a warning.
+     */
+    function unserialize($input, $allowedClasses) 
+    {
+        if (version_compare(PHP_VERSION, '4.3.10', '<')
+             || (substr(PHP_VERSION, 0, 1) == '5' && version_compare(PHP_VERSION, '5.0.3', '<'))) {
+            trigger_error('Unsafe version of PHP for native unserialization');
+            return false;
+        }
+        $classes = $this->_getSerializedClassNames($input);
+        if ($classes === false) {
+            trigger_error('Invalidly serialized string');
+            return false;
+        }
+        $diff = array_diff($classes, $allowedClasses);
+        if (!empty($diff)) {
+            trigger_error('Class(es) not allowed to be serialized');
+            return false;
+        }
+        return unserialize($input);
+    }
+    
+    /**
+     * Extract class names from serialized string
+     *
+     * Adapted from code by Harry Fuecks
+     *
+     * @param   string  $string
+     *  the serialized string to process
+     * @return  mixed
+     *  an array of class names found, or false if the input
+     *  is invalidly formed
+     */
+    function _getSerializedClassNames($string) {
+        // Strip any string representations (which might contain object syntax)
+        while (($pos = strpos($string, 's:')) !== false) {
+            $pos2 = strpos($string, ':', $pos + 2);
+            if ($pos2 === false) {
+                // invalidly serialized string
+                return false;    
+            }
+            $end = $pos + 2 + substr($string, $pos + 2, $pos2) + 1;
+            $string = substr($string, 0, $pos) . substr($string, $end);
+        }
+        
+        // Pull out the class names
+        preg_match_all('/O:[0-9]+:"(.*)"/U', $string, $matches);
+        
+        // Make sure names are unique (same object serialized twice)
+        return array_unique($matches[1]);
+    }
+}
+/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
+?>