function fillpdf_safe_unserialize in FillPDF 6

mixed fillpdf_safe_unserialize(string $serialized)

Safely unserialize, that is, only unserialize strings, numbers, and arrays, not objects. This prevents the __wakeup method from being called, since it could contain arbitrary code.

@license Public Domain
@author dcz (at) phpbb-seo (dot) com

1 call to fillpdf_safe_unserialize()
fillpdf_form_import_form_validate in ./fillpdf.admin.inc

File

./fillpdf.admin.inc, line 503
Allows mappings of PDFs to site content

Code

function fillpdf_safe_unserialize($serialized) {

  // unserialize() returns FALSE for an object declared with a lowercase o,
  // and also if there is any whitespace between O and :
  if (is_string($serialized) && strpos($serialized, "\0") === FALSE) {
    if (strpos($serialized, 'O:') === FALSE) {

      // the easy case, nothing to worry about; let unserialize do the job
      return @unserialize($serialized);
    }
    elseif (!preg_match('/(^|;|{|})O:[0-9]+:"/', $serialized)) {

      // the string did contain O:, but not as the start of
      // a true serialized object
      return @unserialize($serialized);
    }
  }
  return FALSE;
}
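
For comparison, on PHP 7.0 and later the same goal (no class code such as __wakeup running during unserialization) can be met with the allowed_classes option of unserialize(). The following is an added example, not FillPDF code; WakeupProbe, contains_object() and strict_unserialize() are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example, not FillPDF code. Needs PHP 7.0+ (unserialize() options).
// Constructed class: counts how often __wakeup() is invoked.
class WakeupProbe {
  public static $woken = 0;
  public $note = 'x';
  public function __wakeup() {
    self::$woken++;
  }
}

// TRUE if $value, or anything nested inside it, is an object.
function contains_object($value) {
  // is_object() misses __PHP_Incomplete_Class before PHP 7.2.
  if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
    return TRUE;
  }
  if (is_array($value)) {
    foreach ($value as $item) {
      if (contains_object($item)) {
        return TRUE;
      }
    }
  }
  return FALSE;
}

// Hypothetical helper with the same contract as fillpdf_safe_unserialize():
// strings, numbers and arrays come back; anything carrying an object is FALSE.
function strict_unserialize($serialized) {
  if (!is_string($serialized)) {
    return FALSE;
  }
  // allowed_classes => FALSE makes every serialized object come back as
  // __PHP_Incomplete_Class, so no code from the named class is executed.
  $value = @unserialize($serialized, ['allowed_classes' => FALSE]);
  return contains_object($value) ? FALSE : $value;
}

// Constructed sample inputs.
$samples = [
  'plain array' => serialize(['fid' => 3, 'title' => 'Form A']),
  'string containing O:' => serialize('ISO:8601 timestamps'),
  'nested object' => serialize(['payload' => new WakeupProbe()]),
];
foreach ($samples as $label => $input) {
  var_dump($label, strict_unserialize($input));
}
var_dump(WakeupProbe::$woken); // number of __wakeup() calls made above
```

The 'nested object' input contains `;O:11:"`, which is the pattern the preg_match() in fillpdf_safe_unserialize() rejects, so both functions return FALSE for it.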