From 0b35c4e2bfd88eff0aa2a7cc510c5b8cada383ad Mon Sep 17 00:00:00 2001
From: Aaron Jorbin
Date: Thu, 12 Oct 2023 12:34:33 +0000
Subject: [PATCH] Prevent unintended behavior when certain objects are unserialized.
Props ehtis, xknown.
Built from https://develop.svn.wordpress.org/trunk@56835
git-svn-id: http://core.svn.wordpress.org/trunk@56347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/Requests/src/Hooks.php | 4 +++
 wp-includes/Requests/src/Iri.php | 14 ++++++++
 wp-includes/Requests/src/Session.php | 4 +++
 .../class-wp-block-patterns-registry.php | 15 ++++++++
 wp-includes/class-wp-block-type-registry.php | 14 ++++++++
 wp-includes/class-wp-theme.php | 34 +++++++++++++++++++
 wp-includes/version.php | 2 +-
 7 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/wp-includes/Requests/src/Hooks.php b/wp-includes/Requests/src/Hooks.php
index 74fba0b3e1..d8023ed0bb 100644
--- a/wp-includes/Requests/src/Hooks.php
+++ b/wp-includes/Requests/src/Hooks.php
@@ -96,4 +96,8 @@ class Hooks implements HookManager {
 return true;
 }
+
+ public function __wakeup() {
+ throw new \LogicException( __CLASS__ . ' should never be unserialized' );
+ }
 }
diff --git a/wp-includes/Requests/src/Iri.php b/wp-includes/Requests/src/Iri.php
index c452c7365b..41ea7a8a8c 100644
--- a/wp-includes/Requests/src/Iri.php
+++ b/wp-includes/Requests/src/Iri.php
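Review bot: The new `__wakeup()` in Hooks.php carries no docblock, although the neighbouring methods visible in the Iri.php and Session.php hunks are each preceded by one, and the WP_Theme hunk in this same commit does document its `__wakeup()`; the Session.php, Iri.php, WP_Block_Patterns_Registry and WP_Block_Type_Registry hunks have the same gap. I would add, above the method, a two-line docblock stating that the object holds registered callbacks and is deliberately not restorable from a serialized payload, closing with `@throws \LogicException Always, to block unserialization.`. The runtime message `__CLASS__ . ' should never be unserialized'` already gives the reason, so the docblock only needs to make the intent discoverable to readers and static analysis.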
@@ -717,6 +717,20 @@ class Iri {
 return true;
 }
+ public function __wakeup() {
+ $class_props = get_class_vars( __CLASS__ );
+ $string_props = array( 'scheme', 'iuserinfo', 'ihost', 'port', 'ipath', 'iquery', 'ifragment' );
+ $array_props = array( 'normalization' );
+ foreach ( $class_props as $prop => $default_value ) {
+ if ( in_array( $prop, $string_props, true ) && ! is_string( $this->$prop ) ) {
+ throw new UnexpectedValueException();
+ } elseif ( in_array( $prop, $array_props, true ) && ! is_array( $this->$prop ) ) {
+ throw new UnexpectedValueException();
+ }
+ $this->$prop = null;
+ }
+ }
+
 /**
 * Set the entire IRI. Returns true on success, false on failure (if there
 * are any invalid characters).
diff --git a/wp-includes/Requests/src/Session.php b/wp-includes/Requests/src/Session.php
index 000d2526d4..0a63279022 100644
--- a/wp-includes/Requests/src/Session.php
+++ b/wp-includes/Requests/src/Session.php
@@ -265,6 +265,10 @@ class Session {
 return Requests::request_multiple($requests, $options);
 }
+ public function __wakeup() {
+ throw new \LogicException( __CLASS__ . ' should never be unserialized' );
+ }
+
 /**
 * Merge a request's data with the default data
 *
diff --git a/wp-includes/class-wp-block-patterns-registry.php b/wp-includes/class-wp-block-patterns-registry.php
index e516277e42..a11bac06be 100644
--- a/wp-includes/class-wp-block-patterns-registry.php
+++ b/wp-includes/class-wp-block-patterns-registry.php
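Review bot: Both `throw new UnexpectedValueException();` lines in Iri::__wakeup() use an unqualified name, whereas the sibling Hooks.php and Session.php hunks write `\LogicException` with a leading backslash, which indicates these Requests files are namespaced; without a `use UnexpectedValueException;` import (none is visible in the hunk) the name resolves inside that namespace, and unless such a class exists there PHP raises a missing-class Error instead of the intended exception. Unserialization is still aborted either way, but code that catches `\UnexpectedValueException` around `unserialize()` would not see it, and the error message would name the wrong problem. I would write `throw new \UnexpectedValueException( __CLASS__ . ' has a property of unexpected type' );` on both lines, or add the import at the top of the file. The loop also ends by setting every property to `null`, including the ones whose type it just verified; a one-line comment such as `// Validate the payload's types, then discard it: a restored Iri is always empty.` would stop the next reader from treating that as a bug.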
@@ -230,6 +230,21 @@ final class WP_Block_Patterns_Registry {
 return isset( $this->registered_patterns[ $pattern_name ] );
 }
+ public function __wakeup() {
+ if ( ! $this->registered_patterns ) {
+ return;
+ }
+ if ( ! is_array( $this->registered_patterns ) ) {
+ throw new UnexpectedValueException();
+ }
+ foreach ( $this->registered_patterns as $value ) {
+ if ( ! is_array( $value ) ) {
+ throw new UnexpectedValueException();
+ }
+ }
+ $this->registered_patterns_outside_init = array();
+ }
+
 /**
 * Utility method to retrieve the main instance of the class.
 *
diff --git a/wp-includes/class-wp-block-type-registry.php b/wp-includes/class-wp-block-type-registry.php
index 84adecd5d0..49e7bd60ae 100644
--- a/wp-includes/class-wp-block-type-registry.php
+++ b/wp-includes/class-wp-block-type-registry.php
@@ -168,6 +168,20 @@ final class WP_Block_Type_Registry {
 return isset( $this->registered_block_types[ $name ] );
 }
+ public function __wakeup() {
+ if ( ! $this->registered_block_types ) {
+ return;
+ }
+ if ( ! is_array( $this->registered_block_types ) ) {
+ throw new UnexpectedValueException();
+ }
+ foreach ( $this->registered_block_types as $value ) {
+ if ( ! $value instanceof WP_Block_Type ) {
+ throw new UnexpectedValueException();
+ }
+ }
+ }
+
 /**
 * Utility method to retrieve the main instance of the class.
 *
diff --git a/wp-includes/class-wp-theme.php b/wp-includes/class-wp-theme.php
index 89c4cb976a..40812c72bc 100644
--- a/wp-includes/class-wp-theme.php
+++ b/wp-includes/class-wp-theme.php
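Review bot: The early `return` when `$this->registered_patterns` is falsy skips the `$this->registered_patterns_outside_init = array();` reset at the end of WP_Block_Patterns_Registry::__wakeup(), so a payload with an empty `registered_patterns` but an arbitrary `registered_patterns_outside_init` is restored untouched; that branch also leaves a falsy non-array such as `''` or `0` in `registered_patterns`, which the `isset( $this->registered_patterns[ ... ] )` lookup above tolerates but any array function applied to the property would not. I would normalize in that branch, placing `$this->registered_patterns = array();` and `$this->registered_patterns_outside_init = array();` before the `return;`. The same early return appears in the WP_Block_Type_Registry hunk below and would take the matching `$this->registered_block_types = array();` line. Whether `registered_patterns_outside_init` is read after unserialization is not visible in this hunk, but resetting it unconditionally is what the method's last line already intends.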
@@ -772,6 +772,28 @@ final class WP_Theme implements ArrayAccess {
 return isset( $this->parent ) ? $this->parent : false;
 }
+ /**
+ * Perform reinitialization tasks.
+ *
+ * Prevents a callback from being injected during unserialization of an object.
+ *
+ * @return void
+ */
+ public function __wakeup() {
+ if ( $this->parent && ! $this->parent instanceof self ) {
+ throw new UnexpectedValueException();
+ }
+ if ( $this->headers && ! is_array( $this->headers ) ) {
+ throw new UnexpectedValueException();
+ }
+ foreach ( $this->headers as $value ) {
+ if ( ! is_string( $value ) ) {
+ throw new UnexpectedValueException();
+ }
+ }
+ $this->headers_sanitized = array();
+ }
+
 /**
 * Adds theme data to cache.
 *
@@ -1918,4 +1940,16 @@ final class WP_Theme implements ArrayAccess {
 private static function _name_sort_i18n( $a, $b ) {
 return strnatcasecmp( $a->name_translated, $b->name_translated );
 }
+
+ private static function _check_headers_property_has_correct_type( $headers ) {
+ if ( ! is_array( $headers ) ) {
+ return false;
+ }
+ foreach ( $headers as $key => $value ) {
+ if ( ! is_string( $key ) || ! is_string( $value ) ) {
+ return false;
+ }
+ }
+ return true;
+ }
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 8765b7adbd..a8440824d6 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.4-beta3-56834';
+$wp_version = '6.4-beta3-56835';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
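Review bot: In WP_Theme::__wakeup() the `foreach ( $this->headers as $value )` runs even when the guard before it admitted a falsy non-array, because `$this->headers && ! is_array( $this->headers )` only throws for truthy non-arrays, so a serialized `headers` of `''`, `0` or `null` reaches foreach and produces a PHP warning rather than the intended exception; the loop also checks values only, while `_check_headers_property_has_correct_type()` added in the second hunk of this file checks keys and values but is not called from anywhere in these hunks. I would replace the headers guard and loop with `if ( ! self::_check_headers_property_has_correct_type( $this->headers ) ) {` / `throw new UnexpectedValueException();` / `}`, which makes the helper live and closes the falsy gap at the same time. If a non-array `headers` is ever legitimate on a stored WP_Theme (the property's default is outside the hunk), keep a `! $this->headers ||` short-circuit in front of the helper call instead. The helper itself would also benefit from a one-line docblock with `@param mixed $headers` and `@return bool`, matching the `__wakeup()` docblock style this hunk introduces.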