Changeset 5901

Timestamp:

09/08/2017 07:02:20 PM (8 years ago)

Author:

iandunn

Message:

WordCamp Base: Switch layout signature from PHP serialization to JSON.

Unserializing user input is dangerous because it can lead to PHP object injection.

File:

• sites/trunk/wordcamp.org/public_html/wp-content/themes/wordcamp-base/lib/options/class-wcb-grid-option.php (modified) (3 diffs)

sites/trunk/wordcamp.org/public_html/wp-content/themes/wordcamp-base/lib/options/class-wcb-grid-option.php

@@ -26 +26 @@
 
     function validate_layout( $input ) {
-        $input = unserialize( $input );
+        $input = json_decode( $input );
         if ( ! is_array( $input ) )
             return null;
@@ -107 +107 @@
         <div id="<?php echo esc_attr("grid-row-$this->key"); ?>" class="grid-row-layout clearfix <?php echo $this->get_option('visible') ? 'visible' : ''; ?>">
             <div class="description row-name"><?php echo esc_html( $this->label ); ?></div>
-            <input class="signature" type="hidden" <?php $this->name('layout'); ?> value="<?php echo esc_attr( serialize( $layout ) ); ?>"/>
+            <input class="signature" type="hidden" <?php $this->name('layout'); ?> value="<?php echo esc_attr( wp_json_encode( $layout ) ); ?>"/>
             <?php $this->render_row( $layout ); ?>
             <div class="edit"><a href="#"><?php echo esc_html_e( 'Edit' , 'wordcamporg'); ?></a></div>
@@ -134 +134 @@
                         $active = $this->verbose_row( $row ) == $current_layout; ?>
                         <a href="#" class="grid-row-selector <?php echo $active ? 'active' : ''; ?>">
-                            <input class="grid-row-signature" type="hidden" value="<?php echo esc_attr( serialize( $row ) ); ?>"/>
+                            <input class="grid-row-signature" type="hidden" value="<?php echo esc_attr( wp_json_encode( $row ) ); ?>"/>
                             <?php $this->render_row( $row ); ?>
                         </a>