Commit 67757a3c authored by mikeytown2's avatar mikeytown2

Issue #2374945 by mikeytown2: Workaround unserialize errors.

parent 96516e16
......@@ -72,7 +72,11 @@ function httprl_async_page() {
// Extract Data.
// Follow rfc4648 for base64url
// @see http://tools.ietf.org/html/rfc4648#page-7
$args = unserialize(base64_decode(strtr($_POST['args'], array('-' => '+', '_' => '/'))));
$serialized_string = trim(base64_decode(strtr($_POST['args'], array('-' => '+', '_' => '/'))));
$args = @unserialize($serialized_string);
if ($serialized_string !== 'b:0;' && $args == FALSE) {
httprl_fast403('unserialize failed');
}
// If a session cookie was not passed in, do not start a session.
if (empty($_COOKIE[session_name()])) {
......
......@@ -2084,7 +2084,11 @@ function httprl_extract_background_callback_data(&$result) {
parse_str($result->data, $data);
// Follow rfc4648 for base64url
// @see http://tools.ietf.org/html/rfc4648#page-7
$data = unserialize(base64_decode(strtr(current($data), array('-' => '+', '_' => '/'))));
$serialized_string = trim(base64_decode(strtr(current($data), array('-' => '+', '_' => '/'))));
$data = @unserialize($serialized_string);
if ($data !== 'b:0;' && $data == FALSE) {
return;
}
// Set return and printed values.
if (isset($data['return'])) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment