[TASK] unserialize() without objects in impexp 33/48333/2
authorChristian Kuhn <lolli@schwarzbu.ch>
Fri, 27 May 2016 13:19:42 +0000 (15:19 +0200)
committerMorton Jonuschat <m.jonuschat@mojocode.de>
Fri, 27 May 2016 14:01:55 +0000 (16:01 +0200)
Change-Id: I09d769584dc4389d0d6e0d2ffa3e8e1b0fa571ad
Resolves: #76327
Releases: master
Reviewed-on: https://review.typo3.org/48333
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
typo3/sysext/impexp/Classes/Domain/Repository/PresetRepository.php
typo3/sysext/impexp/Classes/Import.php
typo3/sysext/impexp/Classes/Task/ImportExportTask.php
typo3/sysext/impexp/Classes/View/ExportPageTreeView.php

index 9229e65..bfa3b3d 100644 (file)
@@ -123,7 +123,7 @@ class PresetRepository
             $preset = $this->getPreset($presetData['select']);
             if (is_array($preset)) {
                 // Update existing
-                $inData_temp = unserialize($preset['preset_data']);
+                $inData_temp = unserialize($preset['preset_data'], ['allowed_classes' => false]);
                 if (is_array($inData_temp)) {
                     if (isset($presetData['merge'])) {
                         // Merge records in:
index ef985cf..ce53dd4 100644 (file)
@@ -1749,7 +1749,7 @@ class Import extends ImportExport
                     return null;
                 }
             }
-            return $unserialize ? unserialize($datString) : $datString;
+            return $unserialize ? unserialize($datString, ['allowed_classes' => false]) : $datString;
         } else {
             $this->error('MD5 check failed (' . $name . ')');
         }
@@ -1798,7 +1798,7 @@ class Import extends ImportExport
             if ($initStrDat[1]) {
                 if ($this->compress) {
                     $datString = gzuncompress($datString);
-                    return $unserialize ? unserialize($datString) : $datString;
+                    return $unserialize ? unserialize($datString, ['allowed_classes' => false]) : $datString;
                 } else {
                     $this->error('Content read error: This file requires decompression, but this server does not offer gzcompress()/gzuncompress() functions.');
                 }
index 249aca3..ab743f3 100644 (file)
@@ -107,7 +107,7 @@ class ImportExportTask implements TaskInterface
             if (is_array($presets) && !empty($presets)) {
                 $lines = [];
                 foreach ($presets as $key => $presetCfg) {
-                    $configuration = unserialize($presetCfg['preset_data']);
+                    $configuration = unserialize($presetCfg['preset_data'], ['allowed_classes' => false]);
                     $title = strlen($presetCfg['title']) ? $presetCfg['title'] : '[' . $presetCfg['uid'] . ']';
                     $icon = 'EXT:impexp/Resources/Public/Images/export.gif';
                     $description = array();
index 96abce9..027baba 100644 (file)
@@ -86,7 +86,7 @@ class ExportPageTreeView extends BrowseTreeView
         // Initialize:
         $this->init(' AND ' . $this->BE_USER->getPagePermsClause(1) . $clause);
         // Get stored tree structure:
-        $this->stored = unserialize($this->BE_USER->uc['browseTrees']['browsePages']);
+        $this->stored = unserialize($this->BE_USER->uc['browseTrees']['browsePages'], ['allowed_classes' => false]);
         $treeArr = array();
         $idx = 0;
         // Set first: