mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-02-16 05:45:36 +01:00
Code Issues Projects Releases Wiki Activity

MDL-33430 Make file_storage::unpack_reference() more picky on what it gets

Browse Source
This commit is contained in:
David Mudrák 2012-06-20 11:48:42 +02:00
parent f4a9bf65da
commit 6feae1d256
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/filestorage/file_storage.php
View File

@ -1659,7 +1659,14 @@ class file_storage {
* @return array
*/
public static function unpack_reference($str, $cleanparams = false) {
$params = unserialize(base64_decode($str));
$decoded = base64_decode($str, true);
if ($decoded === false) {
throw new file_reference_exception(null, $str, null, null, 'Invalid base64 format');
}
$params = @unserialize($decoded); // hide E_NOTICE
if ($params === false) {
throw new file_reference_exception(null, $decoded, null, null, 'Not an unserializeable value');
}
if (is_array($params) && $cleanparams) {
$params = array(
'component' => is_null($params['component']) ? '' : clean_param($params['component'], PARAM_COMPONENT),