From 7756aae488f1872025b91ac871d8ee7e8f372e88 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Wed, 27 Feb 2019 14:39:28 -0500
Subject: [PATCH 1/8] Vendor - Add brumann/polyfill-unserialize
---
 composer.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 24a2aac9bbc..37d4a60285f 100755
--- a/composer.json
+++ b/composer.json
@@ -112,7 +112,8 @@
 "knplabs/knp-components": "~1.3",
 "guzzlehttp/guzzle": "~6.0",
 "onelogin/php-saml": "^3.0",
- "symfony/dom-crawler": "~3.4"
+ "symfony/dom-crawler": "~3.4",
+ "brumann/polyfill-unserialize": "^1.0"
 },
 "require-dev": {
 "behat/behat": "@stable",
From f936d459b9ec71618243c1992ab5bca5bab43d21 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos Date: Wed, 27 Feb 2019 14:54:42 -0500 Subject: [PATCH 2/8] Use brumann/polyfill-unserialize to unserialize content --- main/admin/career_diagram.php | 19 +++++- main/admin/gradebook_list.php | 6 +- main/auth/sso/sso.Drupal.class.php | 6 +- main/auth/sso/sso.class.php | 6 +- main/course_home/course_home.php | 12 +++- main/exercise/hotspot_admin.inc.php | 16 ++--- main/exercise/question.class.php | 6 +- main/exercise/upload_exercise.php | 16 ++++- main/extra/upgrade_school_calendar.php | 9 ++- main/gradebook/lib/be/category.class.php | 15 +++-- main/inc/lib/api.lib.php | 11 +++- main/inc/lib/array.lib.php | 4 +- main/inc/lib/plugin.class.php | 10 ++- main/inc/lib/plugin.lib.php | 9 ++- main/inc/lib/statistics.lib.php | 7 ++- main/lp/aicc_api.php | 16 ++++- main/lp/aicc_hacp.php | 16 ++++- main/lp/learnpath.class.php | 15 ++++- main/lp/lp_controller.php | 16 ++++- main/lp/scorm_api.php | 14 ++++- main/mySpace/my_career.php | 19 +++++- plugin/ims_lti/Entity/ImsLtiTool.php | 6 +- src/Chamilo/CoreBundle/Entity/Sequence.php | 15 ++++- .../Component/CourseCopy/Course.php | 63 ++++++++++++++++++- .../Component/CourseCopy/CourseArchiver.php | 62 +++++++++++++++++- src/Chamilo/PageBundle/Entity/User.php | 6 +- 26 files changed, 361 insertions(+), 39 deletions(-) diff --git a/main/admin/career_diagram.php b/main/admin/career_diagram.php index fb16c91dd18..239d10311e6 100644 --- a/main/admin/career_diagram.php +++ b/main/admin/career_diagram.php @@ -14,6 +14,12 @@ ALTER TABLE extra_field_values modify column value longtext null; */ +use Brumann\Polyfill\Unserialize; +use Fhaculty\Graph\Graph; +use Fhaculty\Graph\Set\Edges; +use Fhaculty\Graph\Set\Vertices; +use Fhaculty\Graph\Set\VerticesMap; + $cidReset = true; require_once __DIR__.'/../inc/global.inc.php'; 
@@ -106,7 +112,18 @@ $tpl = new Template(get_lang('Diagram')); $html = Display::page_subheader2($careerInfo['name'].$urlToString); if (!empty($item) && isset($item['value']) && !empty($item['value'])) { - $graph = unserialize($item['value']); + /** @var Graph $graph */ + $graph = Unserialize::unserialize( + $item['value'], + [ + 'allowed_classes' => [ + Graph::class, + VerticesMap::class, + Vertices::class, + Edges::class + ], + ] + ); $html .= Career::renderDiagramByColumn($graph, $tpl); } else { Display::addFlash( diff --git a/main/admin/gradebook_list.php b/main/admin/gradebook_list.php index 056391a1a43..ffa91eef7ed 100644 --- a/main/admin/gradebook_list.php +++ b/main/admin/gradebook_list.php @@ -1,6 +1,7 @@ false] + ); foreach ($list as $itemId) { $courseInfo = api_get_course_info_by_id($itemId); $options[$itemId] = $courseInfo['name']; diff --git a/main/auth/sso/sso.Drupal.class.php b/main/auth/sso/sso.Drupal.class.php index e3962028372..7d77f1728f3 100755 --- a/main/auth/sso/sso.Drupal.class.php +++ b/main/auth/sso/sso.Drupal.class.php @@ -1,6 +1,7 @@ false] + ); } } diff --git a/main/auth/sso/sso.class.php b/main/auth/sso/sso.class.php index 46e3d8d9236..6817e0af010 100755 --- a/main/auth/sso/sso.class.php +++ b/main/auth/sso/sso.class.php @@ -1,6 +1,7 @@ false] + ); } } diff --git a/main/course_home/course_home.php b/main/course_home/course_home.php index f77669ad96c..8076425a47e 100755 --- a/main/course_home/course_home.php +++ b/main/course_home/course_home.php @@ -1,7 +1,12 @@ [Graph::class, VerticesMap::class, Vertices::class, Edges::class], + ] + ); $diagram = Career::renderDiagram($careerInfo, $graph); } } diff --git a/main/exercise/hotspot_admin.inc.php b/main/exercise/hotspot_admin.inc.php index 2835d19a3b5..914ee8d1ddb 100755 --- a/main/exercise/hotspot_admin.inc.php +++ b/main/exercise/hotspot_admin.inc.php 
@@ -1,6 +1,7 @@ false]); + $reponse = Unserialize::unserialize($reponse, ['allowed_classes' => false]); + $comment = Unserialize::unserialize($comment, ['allowed_classes' => false]); + $comment = Unserialize::unserialize($comment, ['allowed_classes' => false]); + $weighting = Unserialize::unserialize($weighting, ['allowed_classes' => false]); + $hotspot_coordinates = Unserialize::unserialize($hotspot_coordinates, ['allowed_classes' => false]); + $hotspot_type = Unserialize::unserialize($hotspot_type, ['allowed_classes' => false]); + $destination = Unserialize::unserialize($destination, ['allowed_classes' => false]); unset($buttonBack); } diff --git a/main/exercise/question.class.php b/main/exercise/question.class.php index 112d757e632..498f4051031 100755 --- a/main/exercise/question.class.php +++ b/main/exercise/question.class.php @@ -1,6 +1,7 @@ get_document((int) $se_ref['search_did']); if ($se_doc !== false) { if (($se_doc_data = $di->get_document_data($se_doc)) !== false) { - $se_doc_data = unserialize($se_doc_data); + $se_doc_data = Unserialize::unserialize( + $se_doc_data, + ['allowed_classes' => false] + ); if (isset($se_doc_data[SE_DATA]['type']) && $se_doc_data[SE_DATA]['type'] == SE_DOCTYPE_EXERCISE_QUESTION ) { diff --git a/main/exercise/upload_exercise.php b/main/exercise/upload_exercise.php index d535cb7e9a1..4eba21a75c2 100755 --- a/main/exercise/upload_exercise.php +++ b/main/exercise/upload_exercise.php @@ -1,6 +1,7 @@ [ + learnpath::class, + learnpathItem::class, + aiccItem::class, + scormItem::class, + Link::class, + LpItem::class, + ], + ] + ); if (is_object($oLP)) { if ((empty($oLP->cc)) || $oLP->cc != api_get_course_id()) { $oLP = null; diff --git a/main/extra/upgrade_school_calendar.php b/main/extra/upgrade_school_calendar.php index 0cdd51344a7..c85830cc53d 100644 --- a/main/extra/upgrade_school_calendar.php +++ b/main/extra/upgrade_school_calendar.php 
@@ -2,6 +2,8 @@ /* For licensing terms, see /license.txt */ // not used?? +use Brumann\Polyfill\Unserialize; + exit; require_once '../inc/global.inc.php'; @@ -28,6 +30,11 @@ $d_number = (int) $d_number; $sql4 = "UPDATE set_module SET cal_day_num = $d_number WHERE id = $d_id "; Database::query($sql4); -print_r(unserialize(Security::remove_XSS($_POST['aaa']))); +print_r( + Unserialize::unserialize( + Security::remove_XSS($_POST['aaa']), + ['allowed_classes' => false] + ) +); Display::display_footer(); diff --git a/main/gradebook/lib/be/category.class.php b/main/gradebook/lib/be/category.class.php index f12b95f7c0f..ecf6adc70a1 100755 --- a/main/gradebook/lib/be/category.class.php +++ b/main/gradebook/lib/be/category.class.php @@ -1,6 +1,7 @@ courseDependency = []; - $this->courseDependency = $result; + $unserialized = @Unserialize::unserialize( + $value, + ['allowed_classes' => false] + ); + + if (false !== $unserialized) { + $this->courseDependency = $unserialized; + } } /** diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php index ef61a24cfdf..db5f4e68739 100644 --- a/main/inc/lib/api.lib.php +++ b/main/inc/lib/api.lib.php @@ -1,6 +1,7 @@ false] + ); + + if (false !== $unserialized) { + $value = $unserialized; } return $value; diff --git a/main/inc/lib/array.lib.php b/main/inc/lib/array.lib.php index 80b9957abea..225b1fe2ff5 100755 --- a/main/inc/lib/array.lib.php +++ b/main/inc/lib/array.lib.php @@ -7,6 +7,8 @@ * @package chamilo.library */ +use Brumann\Polyfill\Unserialize; + /** * Removes duplicate values from a dimensional array. * @@ -27,7 +29,7 @@ function array_unique_dimensional($array) $array = array_unique($array); foreach ($array as &$myvalue) { - $myvalue = unserialize($myvalue); + $myvalue = Unserialize::unserialize($myvalue, ['allowed_classes' => false]); } return $array; diff --git a/main/inc/lib/plugin.class.php b/main/inc/lib/plugin.class.php index 34f2a0df2e1..705dd806ec5 100755 --- a/main/inc/lib/plugin.class.php 
+++ b/main/inc/lib/plugin.class.php @@ -1,6 +1,7 @@ get_settings(); foreach ($settings as $setting) { if ($setting['variable'] == $this->get_name().'_'.$name) { + $unserialized = @Unserialize::unserialize( + $setting['selected_value'], + ['allowed_classes' => false] + ); + if (!empty($setting['selected_value']) && - @unserialize($setting['selected_value']) !== false + false !== $unserialized ) { - $setting['selected_value'] = unserialize($setting['selected_value']); + $setting['selected_value'] = $unserialized; } return $setting['selected_value']; diff --git a/main/inc/lib/plugin.lib.php b/main/inc/lib/plugin.lib.php index 2f76eeb3b0b..8e408f618d1 100755 --- a/main/inc/lib/plugin.lib.php +++ b/main/inc/lib/plugin.lib.php @@ -1,6 +1,7 @@ false] + ); + if (false !== $unserialized) { + $item['selected_value'] = $unserialized; } } $settings_filtered[$item['variable']] = $item['selected_value']; diff --git a/main/inc/lib/statistics.lib.php b/main/inc/lib/statistics.lib.php index cd18c16514d..4951c8eb209 100644 --- a/main/inc/lib/statistics.lib.php +++ b/main/inc/lib/statistics.lib.php @@ -1,6 +1,8 @@ false] + ); if (is_array($row[2]) && !empty($row[2])) { $row[2] = implode_with_key(', ', $row[2]); } else { diff --git a/main/lp/aicc_api.php b/main/lp/aicc_api.php index a1cc3aa2999..4b8512e5a0c 100755 --- a/main/lp/aicc_api.php +++ b/main/lp/aicc_api.php @@ -1,6 +1,7 @@ [ + learnpath::class, + learnpathItem::class, + aiccItem::class, + scormItem::class, + Link::class, + LpItem::class, + ], + ] +); $oItem = $oLP->items[$oLP->current]; if (!is_object($oItem)) { error_log('New LP - scorm_api - Could not load oItem item', 0); diff --git a/main/lp/aicc_hacp.php b/main/lp/aicc_hacp.php index 210ba2b50ea..94323875cf3 100755 --- a/main/lp/aicc_hacp.php +++ b/main/lp/aicc_hacp.php 
@@ -1,6 +1,7 @@ [ + learnpath::class, + learnpathItem::class, + aiccItem::class, + scormItem::class, + Link::class, + LpItem::class, + ], + ] +); $oItem = &$oLP->items[$oLP->current]; if (!is_object($oItem)) { error_log('New LP - aicc_hacp - Could not load oItem item', 0); diff --git a/main/lp/learnpath.class.php b/main/lp/learnpath.class.php index cfcb3e35627..ed5fe1a1217 100755 --- a/main/lp/learnpath.class.php +++ b/main/lp/learnpath.class.php @@ -1,6 +1,7 @@ [ + learnpath::class, + learnpathItem::class, + aiccItem::class, + scormItem::class, + Link::class, + LpItem::class, + ], + ] + ); if ($debug) { error_log('getLpFromSession: unserialize'); error_log('------getLpFromSession------'); diff --git a/main/lp/lp_controller.php b/main/lp/lp_controller.php index 8f106f1a1ab..0086d004396 100755 --- a/main/lp/lp_controller.php +++ b/main/lp/lp_controller.php @@ -1,6 +1,7 @@ [ + learnpath::class, + learnpathItem::class, + aiccItem::class, + scormItem::class, + Link::class, + LpItem::class, + ], + ] + ); if (isset($oLP) && is_object($oLP)) { if ($debug) { error_log(' oLP is object'); diff --git a/main/lp/scorm_api.php b/main/lp/scorm_api.php index 2efd25c9889..edc38b5fdf1 100755 --- a/main/lp/scorm_api.php +++ b/main/lp/scorm_api.php @@ -31,7 +31,19 @@ $file = Session::read('file'); /** @var learnpath $oLP */ -$oLP = unserialize(Session::read('lpobject')); +$oLP = Unserialize::unserialize( + Session::read('lpobject'), + [ + 'allowed_classes' => [ + learnpath::class, + learnpathItem::class, + aiccItem::class, + scormItem::class, + Link::class, + LpItem::class, + ], + ] +); /** @var learnpathItem $oItem */ $oItem = isset($oLP->items[$oLP->current]) ? $oLP->items[$oLP->current] : null; diff --git a/main/mySpace/my_career.php b/main/mySpace/my_career.php index 2f2002dba88..daa98851e19 100644 --- a/main/mySpace/my_career.php +++ b/main/mySpace/my_career.php 
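Review bot: The scorm_api.php hunk calls `Unserialize::unserialize(...)` but adds no `use Brumann\Polyfill\Unserialize;`, and the file's only hunk in this commit starts at line 31. Unless an import already exists above that line (not visible here), the unqualified name will not resolve and the script will stop with a class-not-found error before the allowlist is applied. The same gap shows in `getUnSerializeGraph()` in Sequence.php and in `Course::unserialize()` in Course.php, whose import hunks add only the Fhaculty and Resources classes, so `Unserialize` would be looked up inside each file's own namespace. Add `use Brumann\Polyfill\Unserialize;` to all three files.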
@@ -1,6 +1,12 @@ [ + Graph::class, + VerticesMap::class, + Vertices::class, + Edges::class, + ] + ] + ); $content .= Career::renderDiagram($careerInfo, $graph); } } diff --git a/plugin/ims_lti/Entity/ImsLtiTool.php b/plugin/ims_lti/Entity/ImsLtiTool.php index e9422b2fe2d..365d75bb947 100644 --- a/plugin/ims_lti/Entity/ImsLtiTool.php +++ b/plugin/ims_lti/Entity/ImsLtiTool.php @@ -3,6 +3,7 @@ namespace Chamilo\PluginBundle\Entity\ImsLti; +use Brumann\Polyfill\Unserialize; use Chamilo\CoreBundle\Entity\Course; use Chamilo\CoreBundle\Entity\GradebookEvaluation; use Doctrine\Common\Collections\ArrayCollection; @@ -465,7 +466,10 @@ public function isSharingPicture() */ public function unserializePrivacy() { - return unserialize($this->privacy); + return Unserialize::unserialize( + $this->privacy, + ['allowed_classes' => false] + ); } /** diff --git a/src/Chamilo/CoreBundle/Entity/Sequence.php b/src/Chamilo/CoreBundle/Entity/Sequence.php index 1bafea011ca..e2301fb993d 100644 --- a/src/Chamilo/CoreBundle/Entity/Sequence.php +++ b/src/Chamilo/CoreBundle/Entity/Sequence.php @@ -5,6 +5,9 @@ use Doctrine\ORM\Mapping as ORM; use Fhaculty\Graph\Graph; +use Fhaculty\Graph\Set\Edges; +use Fhaculty\Graph\Set\Vertices; +use Fhaculty\Graph\Set\VerticesMap; use Gedmo\Mapping\Annotation as Gedmo; /** @@ -135,7 +138,17 @@ public function hasGraph() */ public function getUnSerializeGraph() { - return unserialize($this->graph); + return Unserialize::unserialize( + $this->graph, + [ + 'allowed_classes' => [ + Graph::class, + VerticesMap::class, + Vertices::class, + Edges::class + ], + ] + ); } /** diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php b/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php index 6fafbbaaf63..8faa5c2753f 100644 --- a/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php +++ b/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php 
@@ -3,7 +3,34 @@ namespace Chamilo\CourseBundle\Component\CourseCopy; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumCategory; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption; use Chamilo\CourseBundle\Component\CourseCopy\Resources\Resource; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki; +use 
Chamilo\CourseBundle\Component\CourseCopy\Resources\Work; /** * A course-object to use in Export/Import/Backup/Copy. @@ -379,7 +406,41 @@ public static function unserialize($course) if (extension_loaded('igbinary')) { $unserialized = igbinary_unserialize($course); } else { - $unserialized = unserialize($course); + $unserialized = Unserialize::unserialize( + $course, + [ + 'allowed_classes' => [ + Course::class, + Announcement::class, + Attendance::class, + CalendarEvent::class, + CourseCopyLearnpath::class, + CourseCopyTestCategory::class, + CourseDescription::class, + CourseSession::class, + Document::class, + Forum::class, + ForumCategory::class, + ForumPost::class, + ForumTopic::class, + Glossary::class, + GradeBookBackup::class, + Link::class, + LinkCategory::class, + Quiz::class, + QuizQuestion::class, + QuizQuestionOption::class, + ScormDocument::class, + Survey::class, + SurveyInvitation::class, + SurveyQuestion::class, + Thematic::class, + ToolIntro::class, + Wiki::class, + Work::class, + ], + ] + ); } return $unserialized; diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php index 4dd41052d36..8942e884f13 100644 --- a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php +++ b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php 
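Review bot: The allowlist added in `Course::unserialize()` covers only the `else` branch; when the igbinary extension is loaded, `igbinary_unserialize($course)` still runs with no class restriction, so the hardening depends on server configuration. If `$course` can originate from an imported or uploaded backup, that branch should not be used for it, or its result should be checked against the same class list before use. At minimum, put a comment on the branch such as `// igbinary_unserialize() applies no allowed_classes filter: trusted, locally produced data only`. The rest of the method body is outside this hunk.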
@@ -3,8 +3,34 @@ namespace Chamilo\CourseBundle\Component\CourseCopy; +use Brumann\Polyfill\Unserialize; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement; use Chamilo\CourseBundle\Component\CourseCopy\Resources\Asset; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession; use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Work; use 
Symfony\Component\Filesystem\Filesystem; /** @@ -343,7 +369,41 @@ class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro', 'To class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki', 'Wiki'); class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Work', 'Work'); - $course = unserialize(base64_decode($contents)); + $course = Unserialize::unserialize( + base64_decode($contents), + [ + 'allowed_classes' => [ + Course::class, + Announcement::class, + Attendance::class, + CalendarEvent::class, + CourseCopyLearnpath::class, + CourseCopyTestCategory::class, + CourseDescription::class, + CourseSession::class, + Document::class, + Forum::class, + ForumCategory::class, + ForumPost::class, + ForumTopic::class, + Glossary::class, + GradeBookBackup::class, + Link::class, + LinkCategory::class, + Quiz::class, + QuizQuestion::class, + QuizQuestionOption::class, + ScormDocument::class, + Survey::class, + SurveyInvitation::class, + SurveyQuestion::class, + Thematic::class, + ToolIntro::class, + Wiki::class, + Work::class, + ], + ] + ); if (!in_array( get_class($course), diff --git a/src/Chamilo/PageBundle/Entity/User.php b/src/Chamilo/PageBundle/Entity/User.php index 19fff37c2bf..fad6a1ecc36 100644 --- a/src/Chamilo/PageBundle/Entity/User.php +++ b/src/Chamilo/PageBundle/Entity/User.php @@ -3,6 +3,7 @@ namespace Chamilo\PageBundle\Entity; +use Brumann\Polyfill\Unserialize; use Chamilo\CoreBundle\Entity\ExtraFieldValues; use Chamilo\CoreBundle\Entity\UsergroupRelUser; use Doctrine\Common\Collections\ArrayCollection; @@ -2282,7 +2283,10 @@ public function serialize() */ public function unserialize($serialized) { - $data = unserialize($serialized); + $data = Unserialize::unserialize( + $serialized, + ['allowed_classes' => false] + ); // add a few extra elements in the array to ensure that we have enough keys when unserializing // older data which does not include all properties. $data = array_merge($data, array_fill(0, 2, null)); 
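Review bot: The allowlist passed to `Unserialize::unserialize()` in the second CourseArchiver.php hunk holds fully qualified `...\Resources\*` names, but the `class_alias()` calls just above it register short global names such as `'Wiki'` and `'Work'`, which suggests some backups name their classes that way. `allowed_classes` is matched against the class name written in the serialized data, so a payload using the short names would presumably come back as `__PHP_Incomplete_Class` objects and then fail the `get_class($course)` check that follows. This is worth confirming by importing a backup produced by an older release; if those must keep working, the alias names need to be in the list as well. The enclosing method starts and ends outside this hunk.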
From 607d118237da4be3e6f10fac85696bbd9969bc7b Mon Sep 17 00:00:00 2001 From: Angel Fernando Quiroz Campos Date: Wed, 27 Feb 2019 15:28:34 -0500 Subject: [PATCH 3/8] Minor - Flint fixes --- main/admin/career_diagram.php | 2 +- main/inc/lib/array.lib.php | 1 - main/mySpace/my_career.php | 2 +- src/Chamilo/CoreBundle/Entity/Sequence.php | 2 +- 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/main/admin/career_diagram.php b/main/admin/career_diagram.php index 239d10311e6..b5b2bd6cb3d 100644 --- a/main/admin/career_diagram.php +++ b/main/admin/career_diagram.php @@ -120,7 +120,7 @@ Graph::class, VerticesMap::class, Vertices::class, - Edges::class + Edges::class, ], ] ); diff --git a/main/inc/lib/array.lib.php b/main/inc/lib/array.lib.php index 225b1fe2ff5..97cd866a69c 100755 --- a/main/inc/lib/array.lib.php +++ b/main/inc/lib/array.lib.php @@ -6,7 +6,6 @@ * * @package chamilo.library */ - use Brumann\Polyfill\Unserialize; /** diff --git a/main/mySpace/my_career.php b/main/mySpace/my_career.php index daa98851e19..98f14c57e31 100644 --- a/main/mySpace/my_career.php +++ b/main/mySpace/my_career.php @@ -56,7 +56,7 @@ VerticesMap::class, Vertices::class, Edges::class, - ] + ], ] ); $content .= Career::renderDiagram($careerInfo, $graph); diff --git a/src/Chamilo/CoreBundle/Entity/Sequence.php b/src/Chamilo/CoreBundle/Entity/Sequence.php index e2301fb993d..5fce1541fa0 100644 --- a/src/Chamilo/CoreBundle/Entity/Sequence.php +++ b/src/Chamilo/CoreBundle/Entity/Sequence.php @@ -145,7 +145,7 @@ public function getUnSerializeGraph() Graph::class, VerticesMap::class, Vertices::class, - Edges::class + Edges::class, ], ] ); From 8702cecc99501a25c9a5118880fc510a06003def Mon Sep 17 00:00:00 2001 
From: Angel Fernando Quiroz Campos
Date: Wed, 27 Feb 2019 15:35:57 -0500
Subject: [PATCH 4/8] Unserialize: Include stdClass like allowed class when importing course
---
 src/Chamilo/CourseBundle/Component/CourseCopy/Course.php | 1 +
 src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php | 1 +
 2 files changed, 2 insertions(+)
diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php b/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php
index 8faa5c2753f..108e65a3d81 100644
--- a/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php
+++ b/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php
@@ -438,6 +438,7 @@ public static function unserialize($course)
 ToolIntro::class,
 Wiki::class,
 Work::class,
+ \stdClass::class,
 ],
 ]
 );
diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
index 8942e884f13..f82f1d41bda 100644
--- a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
+++ b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
@@ -401,6 +401,7 @@ class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Work', 'Work');
 ToolIntro::class,
 Wiki::class,
 Work::class,
+ \stdClass::class,
 ],
 ]
 );
From 45e885b7fdec35b05d99cf30426d709708c419ea Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Wed, 27 Feb 2019 15:46:54 -0500
Subject: [PATCH 5/8] Minor - Add namespace
---
 src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
index f82f1d41bda..ac14169199d 100644
--- a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
+++ b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
@@ -14,6 +14,7 @@
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum;
+use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumCategory;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary;
From fa8b097564b2bc445071f1d45645306dbd8752b1 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Thu, 28 Feb 2019 10:08:23 -0500
Subject: [PATCH 6/8] Add function to wrap Unserialize::unserialize function
---
 main/admin/career_diagram.php | 16 +--
 main/admin/gradebook_list.php | 6 +-
 main/auth/sso/sso.Drupal.class.php | 7 +-
 main/auth/sso/sso.class.php | 7 +-
 main/course_home/course_home.php | 13 +-
 main/exercise/hotspot_admin.inc.php | 16 ++-
 main/exercise/question.class.php | 7 +-
 main/exercise/upload_exercise.php | 15 +--
 main/extra/upgrade_school_calendar.php | 7 +-
 main/gradebook/lib/be/category.class.php | 6 +-
 main/inc/lib/api.lib.php | 113 +++++++++++++++++-
 main/inc/lib/array.lib.php | 3 +-
 main/inc/lib/plugin.class.php | 6 +-
 main/inc/lib/plugin.lib.php | 6 +-
 main/inc/lib/statistics.lib.php | 7 +-
 main/lp/aicc_api.php | 15 +--
 main/lp/aicc_hacp.php | 16 +--
 main/lp/learnpath.class.php | 15 +--
 main/lp/lp_controller.php | 17 +--
 main/mySpace/my_career.php | 16 +--
 plugin/ims_lti/Entity/ImsLtiTool.php | 6 +-
 .../Component/CourseCopy/CourseArchiver.php | 65 +---------
 src/Chamilo/PageBundle/Entity/User.php | 6 +-
 23 files changed, 152 insertions(+), 239 deletions(-)
diff --git a/main/admin/career_diagram.php b/main/admin/career_diagram.php
index b5b2bd6cb3d..967ba9507f8 100644
--- a/main/admin/career_diagram.php
+++ b/main/admin/career_diagram.php
@@ -14,11 +14,7 @@ ALTER TABLE extra_field_values modify column value longtext null; */ -use Brumann\Polyfill\Unserialize; use Fhaculty\Graph\Graph; -use Fhaculty\Graph\Set\Edges; -use Fhaculty\Graph\Set\Vertices; -use Fhaculty\Graph\Set\VerticesMap; $cidReset = true; require_once __DIR__.'/../inc/global.inc.php'; @@ -113,17 +109,7 @@ $html = Display::page_subheader2($careerInfo['name'].$urlToString); if (!empty($item) && isset($item['value']) && !empty($item['value'])) { /** @var Graph $graph */ - $graph = Unserialize::unserialize( - $item['value'], - [ - 'allowed_classes' => [ - Graph::class, - VerticesMap::class, - Vertices::class, - Edges::class, - ], - ] - ); + $graph = api_unserialize_content('carrer', $item['value']); $html .= Career::renderDiagramByColumn($graph, $tpl); } else { Display::addFlash( diff --git a/main/admin/gradebook_list.php b/main/admin/gradebook_list.php index ffa91eef7ed..ae5b25deba7 100644 --- a/main/admin/gradebook_list.php +++ b/main/admin/gradebook_list.php @@ -1,7 +1,6 @@ false] - ); + $list = api_unserialize_content('not_allowed_classes', $categoryData['depends']); foreach ($list as $itemId) { $courseInfo = api_get_course_info_by_id($itemId); $options[$itemId] = $courseInfo['name']; diff --git a/main/auth/sso/sso.Drupal.class.php b/main/auth/sso/sso.Drupal.class.php index 7d77f1728f3..83551b05716 100755 --- a/main/auth/sso/sso.Drupal.class.php +++ b/main/auth/sso/sso.Drupal.class.php @@ -1,7 +1,6 @@ false] + return api_unserialize_content( + 'not_allowed_classes', + base64_decode($cookie) ); } } diff --git a/main/auth/sso/sso.class.php b/main/auth/sso/sso.class.php index 6817e0af010..81593515c91 100755 --- a/main/auth/sso/sso.class.php +++ b/main/auth/sso/sso.class.php @@ -1,7 +1,6 @@ false] + return api_unserialize_content( + 'not_allowed_classes', + base64_decode($cookie) ); } } diff --git a/main/course_home/course_home.php b/main/course_home/course_home.php index 8076425a47e..22d5599c229 100755 
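Review bot: The type key in the second career_diagram.php hunk is spelled `'carrer'`, while course_home.php in the same commit passes `'career'` for the same graph payload. The wrapper's body is not visible in this part of the patch, so the effect depends on how it treats an unknown key: either the Graph classes are not allowlisted and `Career::renderDiagramByColumn()` receives an incomplete object, or the key falls through to a less restrictive default. Change the call to `api_unserialize_content('career', $item['value'])`, and consider named constants for the type keys so a misspelling fails loudly instead of silently selecting another policy.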
--- a/main/course_home/course_home.php +++ b/main/course_home/course_home.php @@ -1,12 +1,8 @@ [Graph::class, VerticesMap::class, Vertices::class, Edges::class], - ] + /** @var Graph $graph */ + $graph = api_unserialize_content( + 'career', + $item['value'] ); $diagram = Career::renderDiagram($careerInfo, $graph); } diff --git a/main/exercise/hotspot_admin.inc.php b/main/exercise/hotspot_admin.inc.php index 914ee8d1ddb..10d690864a3 100755 --- a/main/exercise/hotspot_admin.inc.php +++ b/main/exercise/hotspot_admin.inc.php @@ -1,7 +1,6 @@ false]); - $reponse = Unserialize::unserialize($reponse, ['allowed_classes' => false]); - $comment = Unserialize::unserialize($comment, ['allowed_classes' => false]); - $comment = Unserialize::unserialize($comment, ['allowed_classes' => false]); - $weighting = Unserialize::unserialize($weighting, ['allowed_classes' => false]); - $hotspot_coordinates = Unserialize::unserialize($hotspot_coordinates, ['allowed_classes' => false]); - $hotspot_type = Unserialize::unserialize($hotspot_type, ['allowed_classes' => false]); - $destination = Unserialize::unserialize($destination, ['allowed_classes' => false]); + $color = api_unserialize_content('not_allowed_classes', $color); + $reponse = api_unserialize_content('not_allowed_classes', $reponse); + $comment = api_unserialize_content('not_allowed_classes', $comment); + $weighting = api_unserialize_content('not_allowed_classes', $weighting); + $hotspot_coordinates = api_unserialize_content('not_allowed_classes', $hotspot_coordinates); + $hotspot_type = api_unserialize_content('not_allowed_classes', $hotspot_type); + $destination = api_unserialize_content('not_allowed_classes', $destination); unset($buttonBack); } diff --git a/main/exercise/question.class.php b/main/exercise/question.class.php index 498f4051031..de47e439528 100755 --- a/main/exercise/question.class.php +++ b/main/exercise/question.class.php 
@@ -1,7 +1,6 @@ get_document((int) $se_ref['search_did']); if ($se_doc !== false) { if (($se_doc_data = $di->get_document_data($se_doc)) !== false) { - $se_doc_data = Unserialize::unserialize( - $se_doc_data, - ['allowed_classes' => false] + $se_doc_data = api_unserialize_content( + 'not_allowed_classes', + $se_doc_data ); if (isset($se_doc_data[SE_DATA]['type']) && $se_doc_data[SE_DATA]['type'] == SE_DOCTYPE_EXERCISE_QUESTION diff --git a/main/exercise/upload_exercise.php b/main/exercise/upload_exercise.php index 4eba21a75c2..74988862023 100755 --- a/main/exercise/upload_exercise.php +++ b/main/exercise/upload_exercise.php @@ -1,7 +1,6 @@ [ - learnpath::class, - learnpathItem::class, - aiccItem::class, - scormItem::class, - Link::class, - LpItem::class, - ], - ] - ); + $oLP = api_unserialize_content('lp', $lpObject); if (is_object($oLP)) { if ((empty($oLP->cc)) || $oLP->cc != api_get_course_id()) { $oLP = null; diff --git a/main/extra/upgrade_school_calendar.php b/main/extra/upgrade_school_calendar.php index c85830cc53d..a769f65b5a6 100644 --- a/main/extra/upgrade_school_calendar.php +++ b/main/extra/upgrade_school_calendar.php @@ -2,7 +2,6 @@ /* For licensing terms, see /license.txt */ // not used?? -use Brumann\Polyfill\Unserialize; exit; @@ -31,9 +30,9 @@ $sql4 = "UPDATE set_module SET cal_day_num = $d_number WHERE id = $d_id "; Database::query($sql4); print_r( - Unserialize::unserialize( - Security::remove_XSS($_POST['aaa']), - ['allowed_classes' => false] + api_unserialize_content( + 'not_allowed_classes', + Security::remove_XSS($_POST['aaa']) ) ); diff --git a/main/gradebook/lib/be/category.class.php b/main/gradebook/lib/be/category.class.php index ecf6adc70a1..10b43b8eb56 100755 --- a/main/gradebook/lib/be/category.class.php +++ b/main/gradebook/lib/be/category.class.php 
@@ -1,7 +1,6 @@ courseDependency = []; - $unserialized = @Unserialize::unserialize( - $value, - ['allowed_classes' => false] - ); + $unserialized = api_unserialize_content('not_allowed_classes', $value, true); if (false !== $unserialized) { $this->courseDependency = $unserialized; diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php index db5f4e68739..aacb1c0462d 100644 --- a/main/inc/lib/api.lib.php +++ b/main/inc/lib/api.lib.php 
@@ -3,9 +3,41 @@ use Brumann\Polyfill\Unserialize; use Chamilo\CoreBundle\Entity\SettingsCurrent; +use Chamilo\CourseBundle\Component\CourseCopy\Course; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumCategory; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro; +use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki; +use 
Chamilo\CourseBundle\Component\CourseCopy\Resources\Work; use Chamilo\CourseBundle\Entity\CItemProperty; use Chamilo\UserBundle\Entity\User; use ChamiloSession as Session; +use Fhaculty\Graph\Graph; +use Fhaculty\Graph\Set\Edges; +use Fhaculty\Graph\Set\Vertices; +use Fhaculty\Graph\Set\VerticesMap; use Symfony\Component\Finder\Finder; /** @@ -2768,10 +2800,7 @@ function api_get_plugin_setting($plugin, $variable) if (isset($result[$plugin])) { $value = $result[$plugin]; - $unserialized = @Unserialize::unserialize( - $value, - ['allowed_classes' => false] - ); + $unserialized = api_unserialize_content('not_allowed_classes', $value, true); if (false !== $unserialized) { $value = $unserialized; 
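Review bot: The short-name imports added at the top of main/inc/lib/api.lib.php change what `Link::class` means inside `api_unserialize_content`: with `use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link;` in scope, the `'lp'` allow-list names the course-copy resource class. The call sites this replaces (for example main/lp/lp_controller.php) listed `Link::class` in their own files, whose imports are not visible here, so it is worth confirming which `Link` a serialized learning path actually contains; a class missing from the list comes back as `__PHP_Incomplete_Class`. The imports also apply to any other unqualified `Document`, `Forum`, `Quiz`, `Survey`, `Wiki` or `Work` reference in this file, if there are any. Writing the allow-lists with fully-qualified names, e.g. `\Chamilo\CourseBundle\Component\CourseCopy\Resources\Link::class`, and dropping the new `use` lines would avoid both problems.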
@@ -9305,3 +9334,79 @@ function api_get_relative_path($from, $to) return implode('/', $relPath); } + +/** + * Unserialize content using Brummann\Polyfill\Unserialize. + * + * @param string $type + * @param string $serialized + * @param bool $ignoreErrors. Optional. + * + * @return mixed + */ +function api_unserialize_content($type, $serialized, $ignoreErrors = false) +{ + switch ($type) { + case 'career': + $allowedClasses = [Graph::class, VerticesMap::class, Vertices::class, Edges::class]; + break; + case 'lp': + $allowedClasses = [ + learnpath::class, + learnpathItem::class, + aiccItem::class, + scormItem::class, + Link::class, + LpItem::class, + ]; + break; + case 'course': + $allowedClasses = [ + Course::class, + Announcement::class, + Attendance::class, + CalendarEvent::class, + CourseCopyLearnpath::class, + CourseCopyTestCategory::class, + CourseDescription::class, + CourseSession::class, + Document::class, + Forum::class, + ForumCategory::class, + ForumPost::class, + ForumTopic::class, + Glossary::class, + GradeBookBackup::class, + Link::class, + LinkCategory::class, + Quiz::class, + QuizQuestion::class, + QuizQuestionOption::class, + ScormDocument::class, + Survey::class, + SurveyInvitation::class, + SurveyQuestion::class, + Thematic::class, + ToolIntro::class, + Wiki::class, + Work::class, + stdClass::class, + ]; + break; + case 'not_allowed_classes': + default: + $allowedClasses = false; + } + + if ($ignoreErrors) { + return @Unserialize::unserialize( + $serialized, + ['allowed_classes' => $allowedClasses] + ); + } + + return Unserialize::unserialize( + $serialized, + ['allowed_classes' => $allowedClasses] + ); +} diff --git a/main/inc/lib/array.lib.php b/main/inc/lib/array.lib.php index 97cd866a69c..403b3f36a43 100755 --- a/main/inc/lib/array.lib.php +++ b/main/inc/lib/array.lib.php @@ -6,7 +6,6 @@ * * @package chamilo.library */ -use Brumann\Polyfill\Unserialize; /** * Removes duplicate values from a dimensional array. 
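Review bot: The `default:` branch of `api_unserialize_content` shares the `'not_allowed_classes'` case, so an unknown `$type` is silently treated as "no classes allowed". That fails closed, but it hides mistakes: `'not_allowed_clases'` in main/inc/lib/array.lib.php (`array_unique_dimensional`) and the `'carrer'` value that patch 7/8 corrects both took this path without any error, and in the career case the graph would have come back as `__PHP_Incomplete_Class`. I would end the `'not_allowed_classes'` case with `break;` and make the fallback explicit with `default: throw new InvalidArgumentException('Unknown unserialize type: '.$type);`, fixing the array.lib.php literal in the same change. The docblock also misspells the vendor namespace (`Brummann` for `Brumann`); it should list what each `$type` allows and say that `$ignoreErrors` suppresses warnings with `@`, leaving callers to test the result against `false`.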
@@ -28,7 +27,7 @@ function array_unique_dimensional($array) $array = array_unique($array); foreach ($array as &$myvalue) { - $myvalue = Unserialize::unserialize($myvalue, ['allowed_classes' => false]); + $myvalue = api_unserialize_content('not_allowed_clases', $myvalue); } return $array; diff --git a/main/inc/lib/plugin.class.php b/main/inc/lib/plugin.class.php index 705dd806ec5..b2db35b5990 100755 --- a/main/inc/lib/plugin.class.php +++ b/main/inc/lib/plugin.class.php @@ -1,7 +1,6 @@ get_settings(); foreach ($settings as $setting) { if ($setting['variable'] == $this->get_name().'_'.$name) { - $unserialized = @Unserialize::unserialize( - $setting['selected_value'], - ['allowed_classes' => false] - ); + $unserialized = api_unserialize_content('not_allowed_classes', $setting['selected_value'], true); if (!empty($setting['selected_value']) && false !== $unserialized diff --git a/main/inc/lib/plugin.lib.php b/main/inc/lib/plugin.lib.php index 8e408f618d1..aca6c501b82 100755 --- a/main/inc/lib/plugin.lib.php +++ b/main/inc/lib/plugin.lib.php @@ -1,7 +1,6 @@ false] - ); + $unserialized = api_unserialize_content('not_allowed_classes', $item['selected_value'], true); if (false !== $unserialized) { $item['selected_value'] = $unserialized; } diff --git a/main/inc/lib/statistics.lib.php b/main/inc/lib/statistics.lib.php index 4951c8eb209..7f0564f6a52 100644 --- a/main/inc/lib/statistics.lib.php +++ b/main/inc/lib/statistics.lib.php @@ -1,8 +1,6 @@ false] - ); + $row[2] = api_unserialize_content('not_allowed_classes', $originalData); if (is_array($row[2]) && !empty($row[2])) { $row[2] = implode_with_key(', ', $row[2]); } else { diff --git a/main/lp/aicc_api.php b/main/lp/aicc_api.php index 4b8512e5a0c..4c09aadffaf 100755 --- a/main/lp/aicc_api.php +++ b/main/lp/aicc_api.php 
@@ -1,7 +1,6 @@ [ - learnpath::class, - learnpathItem::class, - aiccItem::class, - scormItem::class, - Link::class, - LpItem::class, - ], - ] -); +$oLP = api_unserialize_content('lp', Session::read('lpobject')); $oItem = $oLP->items[$oLP->current]; if (!is_object($oItem)) { error_log('New LP - scorm_api - Could not load oItem item', 0); diff --git a/main/lp/aicc_hacp.php b/main/lp/aicc_hacp.php index 94323875cf3..e2fef5e85ef 100755 --- a/main/lp/aicc_hacp.php +++ b/main/lp/aicc_hacp.php @@ -1,7 +1,6 @@ [ - learnpath::class, - learnpathItem::class, - aiccItem::class, - scormItem::class, - Link::class, - LpItem::class, - ], - ] +$oLP = api_unserialize_content( + 'not_allowed_classes', + Session::read('lpobject') ); $oItem = &$oLP->items[$oLP->current]; if (!is_object($oItem)) { diff --git a/main/lp/learnpath.class.php b/main/lp/learnpath.class.php index ed5fe1a1217..c247229152a 100755 --- a/main/lp/learnpath.class.php +++ b/main/lp/learnpath.class.php @@ -1,7 +1,6 @@ [ - learnpath::class, - learnpathItem::class, - aiccItem::class, - scormItem::class, - Link::class, - LpItem::class, - ], - ] - ); + $learnPath = api_unserialize_content('lp', $lpObject); if ($debug) { error_log('getLpFromSession: unserialize'); error_log('------getLpFromSession------'); diff --git a/main/lp/lp_controller.php b/main/lp/lp_controller.php index 0086d004396..999aa591998 100755 --- a/main/lp/lp_controller.php +++ b/main/lp/lp_controller.php @@ -1,7 +1,6 @@ [ - learnpath::class, - learnpathItem::class, - aiccItem::class, - scormItem::class, - Link::class, - LpItem::class, - ], - ] - ); + /** @var learnpath $oLP */ + $oLP = api_unserialize_content('lp', $lpObject); if (isset($oLP) && is_object($oLP)) { if ($debug) { error_log(' oLP is object'); diff --git a/main/mySpace/my_career.php b/main/mySpace/my_career.php index 98f14c57e31..6aea78cac16 100644 --- a/main/mySpace/my_career.php +++ b/main/mySpace/my_career.php 
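Review bot: In main/lp/aicc_hacp.php the learning-path object from `Session::read('lpobject')` is now unserialized with `'not_allowed_classes'`, whereas the removed code allowed `learnpath`, `learnpathItem`, `aiccItem`, `scormItem`, `Link` and `LpItem`. With `allowed_classes` set to `false` the result is a `__PHP_Incomplete_Class`, so the next line, `$oItem = &$oLP->items[$oLP->current];`, can no longer use it as a `learnpath`. The sibling hunk in main/lp/aicc_api.php passes `'lp'`, which looks like what was intended here: `$oLP = api_unserialize_content('lp', Session::read('lpobject'));`. The script continues outside the hunk.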
@@ -1,11 +1,7 @@ [ - Graph::class, - VerticesMap::class, - Vertices::class, - Edges::class, - ], - ] - ); + $graph = api_unserialize_content('career', $diagram['value']); $content .= Career::renderDiagram($careerInfo, $graph); } } diff --git a/plugin/ims_lti/Entity/ImsLtiTool.php b/plugin/ims_lti/Entity/ImsLtiTool.php index 365d75bb947..af9ded1dca9 100644 --- a/plugin/ims_lti/Entity/ImsLtiTool.php +++ b/plugin/ims_lti/Entity/ImsLtiTool.php @@ -3,7 +3,6 @@ namespace Chamilo\PluginBundle\Entity\ImsLti; -use Brumann\Polyfill\Unserialize; use Chamilo\CoreBundle\Entity\Course; use Chamilo\CoreBundle\Entity\GradebookEvaluation; use Doctrine\Common\Collections\ArrayCollection; @@ -466,10 +465,7 @@ public function isSharingPicture() */ public function unserializePrivacy() { - return Unserialize::unserialize( - $this->privacy, - ['allowed_classes' => false] - ); + return api_unserialize_content('not_allowed_classes', $this->privacy); } /** diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php index ac14169199d..c4230262f6c 100644 --- a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php +++ b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php 
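Review bot: `unserializePrivacy()` in plugin/ims_lti/Entity/ImsLtiTool.php now calls the procedural helper `api_unserialize_content()`, defined in main/inc/lib/api.lib.php, from inside a namespaced entity class. The call resolves through PHP's global-function fallback, so it only works when api.lib.php has already been included; if the method runs without it, the result is an undefined-function fatal error. The same applies to `getUnSerializeGraph()` in src/Chamilo/CoreBundle/Entity/Sequence.php, `unserialize()` in src/Chamilo/PageBundle/Entity/User.php and the CourseCopy `Course` and `CourseArchiver` classes. Writing the call as `\api_unserialize_content(...)` and adding a docblock line such as `Requires main/inc/lib/api.lib.php to be loaded.` would make the dependency visible.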
@@ -3,35 +3,8 @@ namespace Chamilo\CourseBundle\Component\CourseCopy; -use Brumann\Polyfill\Unserialize; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement; use Chamilo\CourseBundle\Component\CourseCopy\Resources\Asset; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession; use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumCategory; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki; -use 
Chamilo\CourseBundle\Component\CourseCopy\Resources\Work; use Symfony\Component\Filesystem\Filesystem; /** @@ -370,42 +343,8 @@ class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro', 'To class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki', 'Wiki'); class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Work', 'Work'); - $course = Unserialize::unserialize( - base64_decode($contents), - [ - 'allowed_classes' => [ - Course::class, - Announcement::class, - Attendance::class, - CalendarEvent::class, - CourseCopyLearnpath::class, - CourseCopyTestCategory::class, - CourseDescription::class, - CourseSession::class, - Document::class, - Forum::class, - ForumCategory::class, - ForumPost::class, - ForumTopic::class, - Glossary::class, - GradeBookBackup::class, - Link::class, - LinkCategory::class, - Quiz::class, - QuizQuestion::class, - QuizQuestionOption::class, - ScormDocument::class, - Survey::class, - SurveyInvitation::class, - SurveyQuestion::class, - Thematic::class, - ToolIntro::class, - Wiki::class, - Work::class, - \stdClass::class, - ], - ] - ); + /** @var Course $course */ + $course = api_unserialize_content('course', base64_decode($contents)); if (!in_array( get_class($course), diff --git a/src/Chamilo/PageBundle/Entity/User.php b/src/Chamilo/PageBundle/Entity/User.php index fad6a1ecc36..4fefdd334f6 100644 --- a/src/Chamilo/PageBundle/Entity/User.php +++ b/src/Chamilo/PageBundle/Entity/User.php @@ -3,7 +3,6 @@ namespace Chamilo\PageBundle\Entity; -use Brumann\Polyfill\Unserialize; use Chamilo\CoreBundle\Entity\ExtraFieldValues; use Chamilo\CoreBundle\Entity\UsergroupRelUser; use Doctrine\Common\Collections\ArrayCollection; 
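Review bot: In CourseArchiver the archive payload goes from `base64_decode($contents)` straight into `api_unserialize_content('course', ...)`, and the `get_class($course)` check that follows assumes an object came back. `base64_decode` in its default non-strict mode skips invalid characters instead of failing, and the wrapper yields `false` for data it cannot unserialize, so a damaged or hand-edited backup reaches `get_class()` as a non-object. I would decode strictly with `$decoded = base64_decode($contents, true);` and treat `false === $decoded` or a non-object `$course` the same way the existing class check treats an unexpected class. The enclosing method starts and ends outside the hunk.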
@@ -2283,10 +2282,7 @@ public function serialize() */ public function unserialize($serialized) { - $data = Unserialize::unserialize( - $serialized, - ['allowed_classes' => false] - ); + $data = api_unserialize_content('not_allowed_classes', $serialized); // add a few extra elements in the array to ensure that we have enough keys when unserializing // older data which does not include all properties. $data = array_merge($data, array_fill(0, 2, null)); From be7730cd93307b168414cf5dfef3af02a307b8af Mon Sep 17 00:00:00 2001 From: Angel Fernando Quiroz Campos Date: Thu, 28 Feb 2019 10:16:08 -0500 Subject: [PATCH 7/8] Minor - Fix typo --- main/admin/career_diagram.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/admin/career_diagram.php b/main/admin/career_diagram.php index 967ba9507f8..b118663cde2 100644 --- a/main/admin/career_diagram.php +++ b/main/admin/career_diagram.php @@ -109,7 +109,7 @@ $html = Display::page_subheader2($careerInfo['name'].$urlToString); if (!empty($item) && isset($item['value']) && !empty($item['value'])) { /** @var Graph $graph */ - $graph = api_unserialize_content('carrer', $item['value']); + $graph = api_unserialize_content('career', $item['value']); $html .= Career::renderDiagramByColumn($graph, $tpl); } else { Display::addFlash( From 102c1b7830307bc080c2cee8ae13fde0ea396760 Mon Sep 17 00:00:00 2001 From: Angel Fernando Quiroz Campos Date: Thu, 28 Feb 2019 10:25:57 -0500 Subject: [PATCH 8/8] Use wrapper function to unserialize course and sequence graph --- main/inc/lib/api.lib.php | 1 + src/Chamilo/CoreBundle/Entity/Sequence.php | 15 +---- .../Component/CourseCopy/Course.php | 65 +------------------ 3 files changed, 5 insertions(+), 76 deletions(-) diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php index aacb1c0462d..c63cb350e05 100644 --- a/main/inc/lib/api.lib.php +++ b/main/inc/lib/api.lib.php 
@@ -9348,6 +9348,7 @@ function api_unserialize_content($type, $serialized, $ignoreErrors = false) { switch ($type) { case 'career': + case 'sequence_graph': $allowedClasses = [Graph::class, VerticesMap::class, Vertices::class, Edges::class]; break; case 'lp': diff --git a/src/Chamilo/CoreBundle/Entity/Sequence.php b/src/Chamilo/CoreBundle/Entity/Sequence.php index 5fce1541fa0..c576b8dbef8 100644 --- a/src/Chamilo/CoreBundle/Entity/Sequence.php +++ b/src/Chamilo/CoreBundle/Entity/Sequence.php @@ -5,9 +5,6 @@ use Doctrine\ORM\Mapping as ORM; use Fhaculty\Graph\Graph; -use Fhaculty\Graph\Set\Edges; -use Fhaculty\Graph\Set\Vertices; -use Fhaculty\Graph\Set\VerticesMap; use Gedmo\Mapping\Annotation as Gedmo; /** @@ -138,17 +135,7 @@ public function hasGraph() */ public function getUnSerializeGraph() { - return Unserialize::unserialize( - $this->graph, - [ - 'allowed_classes' => [ - Graph::class, - VerticesMap::class, - Vertices::class, - Edges::class, - ], - ] - ); + return api_unserialize_content('sequence_graph', $this->graph); } /** diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php b/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php index 108e65a3d81..7fee7505f08 100644 --- a/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php +++ b/src/Chamilo/CourseBundle/Component/CourseCopy/Course.php 
@@ -3,34 +3,7 @@ namespace Chamilo\CourseBundle\Component\CourseCopy; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumCategory; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption; use Chamilo\CourseBundle\Component\CourseCopy\Resources\Resource; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro; -use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki; -use 
Chamilo\CourseBundle\Component\CourseCopy\Resources\Work; /** * A course-object to use in Export/Import/Backup/Copy. @@ -406,41 +379,9 @@ public static function unserialize($course) if (extension_loaded('igbinary')) { $unserialized = igbinary_unserialize($course); } else { - $unserialized = Unserialize::unserialize( - $course, - [ - 'allowed_classes' => [ - Course::class, - Announcement::class, - Attendance::class, - CalendarEvent::class, - CourseCopyLearnpath::class, - CourseCopyTestCategory::class, - CourseDescription::class, - CourseSession::class, - Document::class, - Forum::class, - ForumCategory::class, - ForumPost::class, - ForumTopic::class, - Glossary::class, - GradeBookBackup::class, - Link::class, - LinkCategory::class, - Quiz::class, - QuizQuestion::class, - QuizQuestionOption::class, - ScormDocument::class, - Survey::class, - SurveyInvitation::class, - SurveyQuestion::class, - Thematic::class, - ToolIntro::class, - Wiki::class, - Work::class, - \stdClass::class, - ], - ] + $unserialized = api_unserialize_content( + 'course', + $course ); }
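Review bot: In `Course::unserialize()` the class allow-list only covers the `else` branch; when the igbinary extension is loaded, `igbinary_unserialize($course)` still restores whatever classes the data names. As far as I know that function has no `allowed_classes` option, so on installations with igbinary this path keeps the object-instantiation exposure the rest of the series removes. Checking `$unserialized instanceof Course` afterwards helps callers but runs after the objects already exist, so the igbinary branch should only ever see data this application wrote itself, with imported or uploaded content routed through `api_unserialize_content('course', ...)`. At minimum I would add a comment above the branch: `// igbinary_unserialize() applies no class allow-list; trusted, locally written data only`. The method body continues outside the hunk.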