summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Droogmans2016-07-13 09:46:27 +0200
committerPeter Droogmans2016-07-13 09:46:27 +0200
commit1cb735674e364b32a4418f00018acbbdd65a7cc2 (patch)
treee97d9a8c3d8bfaaf2d4d214cafe21b84aa1583e0
parentadc00e46f9e853be3216cf5b807227bb1575a732 (diff)
Fix theme_webform_render_multifile7.x-1.4
-rw-r--r--multifile.inc20
-rw-r--r--safe_unserialize.inc150
-rw-r--r--webform_multifile.install31
-rw-r--r--webform_multifile.module6
4 files changed, 194 insertions, 13 deletions
diff --git a/multifile.inc b/multifile.inc
index 3df6938..da47ce8 100644
--- a/multifile.inc
+++ b/multifile.inc
@@ -423,7 +423,7 @@ function theme_webform_render_multifile($variables) {
$webform_nid = $element['#webform_component']['nid'];
$component_id = $element['#webform_component']['cid'];
$submission_id = arg(3);
- if ($fids = unserialize($value)) {
+ if ($fids = drupal_json_decode($value)) {
$suffix = '';
foreach (webform_get_multifile($fids) as $file) {
$suffix .= '<div class="multifile-file"> ';
@@ -563,7 +563,7 @@ function _webform_validate_multifile(&$element, &$form_state) {
* Implementation of _webform_submit_component().
*/
function _webform_submit_multifile($component, $value) {
- $old_fids = isset($value['_old_fids']) ? unserialize($value['_old_fids']) : NULL;
+ $old_fids = isset($value['_old_fids']) ? drupal_json_decode($value['_old_fids']) : NULL;
if ($fids = $value['_fids']) {
$files = webform_get_multifile($fids);
@@ -583,7 +583,7 @@ function _webform_submit_multifile($component, $value) {
}
if ($fids) {
- return serialize($fids);
+ return drupal_json_encode($fids);
}
}
@@ -591,7 +591,7 @@ function _webform_submit_multifile($component, $value) {
* Implementation of _webform_display_component().
*/
function _webform_display_multifile($component, $value, $format = 'html') {
- $fids = isset($value[0]) ? unserialize($value[0]) : NULL;
+ $fids = isset($value[0]) ? drupal_json_decode($value[0]) : NULL;
return array(
'#title' => $component['name'],
'#value' => $fids ? webform_get_multifile($fids) : NULL,
@@ -632,7 +632,7 @@ function theme_webform_display_multifile($variables) {
*/
function _webform_delete_multifile($component, $value) {
// Delete a set of files on an individual submission.
- $fids = isset($value[0]) ? unserialize($value[0]) : NULL;
+ $fids = isset($value[0]) ? drupal_json_decode($value[0]) : NULL;
foreach (webform_get_multifile($fids) as $file) {
file_delete($file);
}
@@ -660,7 +660,7 @@ function _webform_analysis_multifile($component, $sids = array()) {
$numfiles = 0;
while ($data = $result->fetchAssoc()) {
- if ($fids = unserialize($data['data'])) {
+ if ($fids = drupal_json_decode($data['data'])) {
$counter = 0;
foreach (webform_get_multifile($fids) as $file) {
if (isset($file->filesize)) {
@@ -688,7 +688,7 @@ function _webform_analysis_multifile($component, $sids = array()) {
*/
function _webform_table_multifile($component, $value) {
$links = array();
- if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+ if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
foreach (webform_get_multifile($fids) as $file) {
if (!empty($file->fid)) {
$link = l(webform_multifile_name($file->uri), webform_multifile_url($file->uri));
@@ -720,7 +720,7 @@ function _webform_csv_headers_multifile($component, $export_options) {
function _webform_csv_data_multifile($component, $export_options, $value) {
$filenames = array();
$sizes = array();
- if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+ if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
foreach (webform_get_multifile($fids) as $file) {
$filenames[] = webform_multifile_url($file->uri);
$sizes[] = (int) ($file->filesize/1024);
@@ -740,7 +740,7 @@ function _webform_csv_data_multifile($component, $export_options, $value) {
*/
function _webform_get_files_multifile($value) {
$files = array();
- if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+ if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
foreach (webform_get_multifile($fids) as $file) {
$files[] = $file;
}
@@ -832,7 +832,7 @@ function _webform_multifile_get_files_array_value($value, $form_key) {
*/
function _webform_attachments_multifile($component, $value) {
static $files = array();
- $fids = unserialize($value[0]);
+ $fids = drupal_json_decode($value[0]);
$return_files = array();
foreach ($fids as $fid) {
if (!isset($files[$fid])) {
diff --git a/safe_unserialize.inc b/safe_unserialize.inc
new file mode 100644
index 0000000..f0ba050
--- /dev/null
+++ b/safe_unserialize.inc
@@ -0,0 +1,150 @@
+<?php
+
+/**
+ * @file
+ * Contains helper functions for webform_multifile_update_7001().
+ */
+
+/**
+ * Safe unserialize() replacement
+ * - accepts a strict subset of PHP's native serialized representation
+ * - does not unserialize objects
+ *
+ * @param string $str
+ * @return mixed
+ * @throw Exception if $str is malformed or contains unsupported types (e.g., resources, objects)
+ */
+function _safe_unserialize($str) {
+ if (empty($str) || !is_string($str)) {
+ return false;
+ }
+ $stack = array();
+ $expected = array();
+ /*
+ * states:
+ * 0 - initial state, expecting a single value or array
+ * 1 - terminal state
+ * 2 - in array, expecting end of array or a key
+ * 3 - in array, expecting value or another array
+ */
+ $state = 0;
+ while ($state != 1) {
+ $type = isset($str[0]) ? $str[0] : '';
+ if ($type == '}') {
+ $str = substr($str, 1);
+ }
+ else if ($type == 'N' && $str[1] == ';') {
+ $value = null;
+ $str = substr($str, 2);
+ }
+ else if ($type == 'b' && preg_match('/^b:([01]);/', $str, $matches)) {
+ $value = $matches[1] == '1' ? true : false;
+ $str = substr($str, 4);
+ }
+ else if ($type == 'i' && preg_match('/^i:(-?[0-9]+);(.*)/s', $str, $matches)) {
+ $value = (int) $matches[1];
+ $str = $matches[2];
+ }
+ else if ($type == 'd' && preg_match('/^d:(-?[0-9]+\.?[0-9]*(E[+-][0-9]+)?);(.*)/s', $str, $matches)) {
+ $value = (float) $matches[1];
+ $str = $matches[3];
+ }
+ else if ($type == 's' && preg_match('/^s:([0-9]+):"(.*)/s', $str, $matches) && substr($matches[2], (int) $matches[1], 2) == '";') {
+ $value = substr($matches[2], 0, (int) $matches[1]);
+ $str = substr($matches[2], (int) $matches[1] + 2);
+ }
+ else if ($type == 'a' && preg_match('/^a:([0-9]+):{(.*)/s', $str, $matches)) {
+ $expectedLength = (int) $matches[1];
+ $str = $matches[2];
+ }
+ else {
+ // object or unknown/malformed type
+ return false;
+ }
+ switch ($state) {
+ case 3: // in array, expecting value or another array
+ if ($type == 'a') {
+ $stack[] = &$list;
+ $list[$key] = array();
+ $list = &$list[$key];
+ $expected[] = $expectedLength;
+ $state = 2;
+ break;
+ }
+ if ($type != '}') {
+ $list[$key] = $value;
+ $state = 2;
+ break;
+ }
+ // missing array value
+ return false;
+ case 2: // in array, expecting end of array or a key
+ if ($type == '}') {
+ if (count($list) < end($expected)) {
+ // array size less than expected
+ return false;
+ }
+ unset($list);
+ $list = &$stack[count($stack) - 1];
+ array_pop($stack);
+ // go to terminal state if we're at the end of the root array
+ array_pop($expected);
+ if (count($expected) == 0) {
+ $state = 1;
+ }
+ break;
+ }
+ if ($type == 'i' || $type == 's') {
+ if (count($list) >= end($expected)) {
+ // array size exceeds expected length
+ return false;
+ }
+ $key = $value;
+ $state = 3;
+ break;
+ }
+ // illegal array index type
+ return false;
+ case 0: // expecting array or value
+ if ($type == 'a') {
+ $data = array();
+ $list = &$data;
+ $expected[] = $expectedLength;
+ $state = 2;
+ break;
+ }
+ if ($type != '}') {
+ $data = $value;
+ $state = 1;
+ break;
+ }
+ // not in array
+ return false;
+ }
+ }
+ if (!empty($str)) {
+ // trailing data in input
+ return false;
+ }
+ return $data;
+}
+
+/**
+ * Wrapper for _safe_unserialize() that handles exceptions and multibyte encoding issue
+ *
+ * @param string $str
+ * @return mixed
+ */
+function safe_unserialize($str) {
+ // ensure we use the byte count for strings even when strlen() is overloaded by mb_strlen()
+ if (function_exists('mb_internal_encoding') &&
+ (((int) ini_get('mbstring.func_overload')) & 2)) {
+ $mbIntEnc = mb_internal_encoding();
+ mb_internal_encoding('ASCII');
+ }
+ $out = _safe_unserialize($str);
+ if (isset($mbIntEnc)) {
+ mb_internal_encoding($mbIntEnc);
+ }
+ return $out;
+}
diff --git a/webform_multifile.install b/webform_multifile.install
index ce420c0..863a691 100644
--- a/webform_multifile.install
+++ b/webform_multifile.install
@@ -30,3 +30,34 @@ function webform_multifile_requirements($phase) {
}
return $requirements;
}
+
+/**
+ * Convert serialized php arrays to json encoded strings.
+ */
+function webform_multifile_update_7001(&$sandbox) {
+ $q = db_select('webform_submitted_data', 'd')
+ ->fields('d');
+ $q->join('webform_component', 'c', 'c.cid = d.cid');
+ $q->condition('c.type', 'multifile');
+ if (!isset($sandbox['total'])) {
+ $sandbox['current'] = 0;
+ $sandbox['total'] = $q->countQuery()->execute()->fetchField();
+ }
+ $q->range($sandbox['current'], 50);
+ module_load_include('inc', 'webform_multifile', 'safe_unserialize');
+ foreach ($q->execute()->fetchAll() as $data) {
+ $data->data = drupal_json_encode(safe_unserialize($data->data));
+ db_update('webform_submitted_data')
+ ->fields(array('data' => $data->data))
+ ->condition('nid', $data->nid)
+ ->condition('sid', $data->sid)
+ ->condition('cid', $data->cid)
+ ->condition('no', $data->no)
+ ->execute();
+ $sandbox['current']++;
+ }
+ $sandbox['#finished'] = 1;
+ if ($sandbox['current'] < $sandbox['total']) {
+ $sandbox['#finished'] = $sandbox['current'] / $sandbox['total'];
+ }
+}
diff --git a/webform_multifile.module b/webform_multifile.module
index 0e67055..7fe13bc 100644
--- a/webform_multifile.module
+++ b/webform_multifile.module
@@ -71,10 +71,10 @@ function webform_multifile_delete_form_submit($form, &$form_state) {
$file = file_load($form_state['values']['fid']);
file_delete($file);
// Update the submission data and re-save it without the deleted fid.
- $fids = unserialize($form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0]);
+ $fids = drupal_json_decode($form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0]);
$key = array_search($file->fid, $fids);
unset($fids[$key]);
- $form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0] = serialize($fids);
+ $form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0] = drupal_json_encode($fids);
module_load_include('inc', 'webform', 'includes/webform.submissions');
webform_submission_update($form_state['values']['webform'], $form_state['values']['submission']);
$form_state['redirect'] = 'node/' . $form_state['values']['webform']->nid . '/submission/' . $form_state['values']['submission']->sid . '/edit';
@@ -94,7 +94,7 @@ function webform_multifile_file_download($uri) {
$multifile_scan = $q->execute();
$submission_id = $submission_uid = NULL;
while ($multifile_row = $multifile_scan->fetchAssoc()) {
- $file_ids = unserialize($multifile_row['data']);
+ $file_ids = drupal_json_decode($multifile_row['data']);
if (in_array($target_document->fid, $file_ids) ) {
$submission_id = $multifile_row['sid'];
}