diff --git a/multifile.inc b/multifile.inc
index 3df6938f7b933528892749a2d252ec7d6edee5ee..da47ce81500e5e5f8857d99e7f101bf8b19f4528 100644
--- a/multifile.inc
+++ b/multifile.inc
@@ -423,7 +423,7 @@ function theme_webform_render_multifile($variables) {
$webform_nid = $element['#webform_component']['nid'];
$component_id = $element['#webform_component']['cid'];
$submission_id = arg(3);
- if ($fids = unserialize($value)) {
+ if ($fids = drupal_json_decode($value)) {
$suffix = '';
foreach (webform_get_multifile($fids) as $file) {
$suffix .= '
';
@@ -563,7 +563,7 @@ function _webform_validate_multifile(&$element, &$form_state) {
* Implementation of _webform_submit_component().
*/
function _webform_submit_multifile($component, $value) {
- $old_fids = isset($value['_old_fids']) ? unserialize($value['_old_fids']) : NULL;
+ $old_fids = isset($value['_old_fids']) ? drupal_json_decode($value['_old_fids']) : NULL;
if ($fids = $value['_fids']) {
$files = webform_get_multifile($fids);
@@ -583,7 +583,7 @@ function _webform_submit_multifile($component, $value) {
}
if ($fids) {
- return serialize($fids);
+ return drupal_json_encode($fids);
}
}
@@ -591,7 +591,7 @@ function _webform_submit_multifile($component, $value) {
* Implementation of _webform_display_component().
*/
function _webform_display_multifile($component, $value, $format = 'html') {
- $fids = isset($value[0]) ? unserialize($value[0]) : NULL;
+ $fids = isset($value[0]) ? drupal_json_decode($value[0]) : NULL;
return array(
'#title' => $component['name'],
'#value' => $fids ? webform_get_multifile($fids) : NULL,
@@ -632,7 +632,7 @@ function theme_webform_display_multifile($variables) {
*/
function _webform_delete_multifile($component, $value) {
// Delete a set of files on an individual submission.
- $fids = isset($value[0]) ? unserialize($value[0]) : NULL;
+ $fids = isset($value[0]) ? drupal_json_decode($value[0]) : NULL;
foreach (webform_get_multifile($fids) as $file) {
file_delete($file);
}
@@ -660,7 +660,7 @@ function _webform_analysis_multifile($component, $sids = array()) {
$numfiles = 0;
while ($data = $result->fetchAssoc()) {
- if ($fids = unserialize($data['data'])) {
+ if ($fids = drupal_json_decode($data['data'])) {
$counter = 0;
foreach (webform_get_multifile($fids) as $file) {
if (isset($file->filesize)) {
@@ -688,7 +688,7 @@ function _webform_analysis_multifile($component, $sids = array()) {
*/
function _webform_table_multifile($component, $value) {
$links = array();
- if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+ if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
foreach (webform_get_multifile($fids) as $file) {
if (!empty($file->fid)) {
$link = l(webform_multifile_name($file->uri), webform_multifile_url($file->uri));
@@ -720,7 +720,7 @@ function _webform_csv_headers_multifile($component, $export_options) {
function _webform_csv_data_multifile($component, $export_options, $value) {
$filenames = array();
$sizes = array();
- if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+ if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
foreach (webform_get_multifile($fids) as $file) {
$filenames[] = webform_multifile_url($file->uri);
$sizes[] = (int) ($file->filesize/1024);
@@ -740,7 +740,7 @@ function _webform_csv_data_multifile($component, $export_options, $value) {
*/
function _webform_get_files_multifile($value) {
$files = array();
- if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+ if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
foreach (webform_get_multifile($fids) as $file) {
$files[] = $file;
}
@@ -832,7 +832,7 @@ function _webform_multifile_get_files_array_value($value, $form_key) {
*/
function _webform_attachments_multifile($component, $value) {
static $files = array();
- $fids = unserialize($value[0]);
+ $fids = drupal_json_decode($value[0]);
$return_files = array();
foreach ($fids as $fid) {
if (!isset($files[$fid])) {
diff --git a/safe_unserialize.inc b/safe_unserialize.inc
new file mode 100644
index 0000000000000000000000000000000000000000..f0ba050f799233150a81f215e2f97d9b298c2e47
--- /dev/null
+++ b/safe_unserialize.inc
@@ -0,0 +1,150 @@
+= end($expected)) {
+ // array size exceeds expected length
+ return false;
+ }
+ $key = $value;
+ $state = 3;
+ break;
+ }
+ // illegal array index type
+ return false;
+ case 0: // expecting array or value
+ if ($type == 'a') {
+ $data = array();
+ $list = &$data;
+ $expected[] = $expectedLength;
+ $state = 2;
+ break;
+ }
+ if ($type != '}') {
+ $data = $value;
+ $state = 1;
+ break;
+ }
+ // not in array
+ return false;
+ }
+ }
+ if (!empty($str)) {
+ // trailing data in input
+ return false;
+ }
+ return $data;
+}
+
+/**
+ * Wrapper for _safe_unserialize() that handles exceptions and multibyte encoding issue
+ *
+ * @param string $str
+ * @return mixed
+ */
+function safe_unserialize($str) {
+ // ensure we use the byte count for strings even when strlen() is overloaded by mb_strlen()
+ if (function_exists('mb_internal_encoding') &&
+ (((int) ini_get('mbstring.func_overload')) & 2)) {
+ $mbIntEnc = mb_internal_encoding();
+ mb_internal_encoding('ASCII');
+ }
+ $out = _safe_unserialize($str);
+ if (isset($mbIntEnc)) {
+ mb_internal_encoding($mbIntEnc);
+ }
+ return $out;
+}
diff --git a/webform_multifile.install b/webform_multifile.install
index ce420c00aebf67da737721dd2198253edf7a5fe6..863a691ec7f6185844cb48e0fa59a79ef3c10548 100644
--- a/webform_multifile.install
+++ b/webform_multifile.install
@@ -30,3 +30,34 @@ function webform_multifile_requirements($phase) {
}
return $requirements;
}
+
+/**
+ * Convert serialized php arrays to json encoded strings.
+ */
+function webform_multifile_update_7001(&$sandbox) {
+ $q = db_select('webform_submitted_data', 'd')
+ ->fields('d');
+ $q->join('webform_component', 'c', 'c.cid = d.cid');
+ $q->condition('c.type', 'multifile');
+ if (!isset($sandbox['total'])) {
+ $sandbox['current'] = 0;
+ $sandbox['total'] = $q->countQuery()->execute()->fetchField();
+ }
+ $q->range($sandbox['current'], 50);
+ module_load_include('inc', 'webform_multifile', 'safe_unserialize');
+ foreach ($q->execute()->fetchAll() as $data) {
+ $data->data = drupal_json_encode(safe_unserialize($data->data));
+ db_update('webform_submitted_data')
+ ->fields(array('data' => $data->data))
+ ->condition('nid', $data->nid)
+ ->condition('sid', $data->sid)
+ ->condition('cid', $data->cid)
+ ->condition('no', $data->no)
+ ->execute();
+ $sandbox['current']++;
+ }
+ $sandbox['#finished'] = 1;
+ if ($sandbox['current'] < $sandbox['total']) {
+ $sandbox['#finished'] = $sandbox['current'] / $sandbox['total'];
+ }
+}
diff --git a/webform_multifile.module b/webform_multifile.module
index 0e67055e27430311c1e1b538a3e60e1b5f2a653c..7fe13bcaa953446bc8ef00ca6202cb90e574bd1b 100644
--- a/webform_multifile.module
+++ b/webform_multifile.module
@@ -71,10 +71,10 @@ function webform_multifile_delete_form_submit($form, &$form_state) {
$file = file_load($form_state['values']['fid']);
file_delete($file);
// Update the submission data and re-save it without the deleted fid.
- $fids = unserialize($form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0]);
+ $fids = drupal_json_decode($form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0]);
$key = array_search($file->fid, $fids);
unset($fids[$key]);
- $form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0] = serialize($fids);
+ $form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0] = drupal_json_encode($fids);
module_load_include('inc', 'webform', 'includes/webform.submissions');
webform_submission_update($form_state['values']['webform'], $form_state['values']['submission']);
$form_state['redirect'] = 'node/' . $form_state['values']['webform']->nid . '/submission/' . $form_state['values']['submission']->sid . '/edit';
@@ -94,7 +94,7 @@ function webform_multifile_file_download($uri) {
$multifile_scan = $q->execute();
$submission_id = $submission_uid = NULL;
while ($multifile_row = $multifile_scan->fetchAssoc()) {
- $file_ids = unserialize($multifile_row['data']);
+ $file_ids = drupal_json_decode($multifile_row['data']);
if (in_array($target_document->fid, $file_ids) ) {
$submission_id = $multifile_row['sid'];
}