chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use brumann/polyfill-unserialize to unserialize content

Browse Source
pull/2821/head
Angel Fernando Quiroz Campos 7 years ago
parent 7756aae488
commit f936d459b9
26 changed files with 361 additions and 39 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 19
      main/admin/career_diagram.php
  2. 6
      main/admin/gradebook_list.php
  3. 6
      main/auth/sso/sso.Drupal.class.php
  4. 6
      main/auth/sso/sso.class.php
  5. 12
      main/course_home/course_home.php
  6. 16
      main/exercise/hotspot_admin.inc.php
  7. 6
      main/exercise/question.class.php
  8. 16
      main/exercise/upload_exercise.php
  9. 9
      main/extra/upgrade_school_calendar.php
  10. 15
      main/gradebook/lib/be/category.class.php
  11. 11
      main/inc/lib/api.lib.php
  12. 4
      main/inc/lib/array.lib.php
  13. 10
      main/inc/lib/plugin.class.php
  14. 9
      main/inc/lib/plugin.lib.php
  15. 7
      main/inc/lib/statistics.lib.php
  16. 16
      main/lp/aicc_api.php
  17. 16
      main/lp/aicc_hacp.php
  18. 15
      main/lp/learnpath.class.php
  19. 16
      main/lp/lp_controller.php
  20. 14
      main/lp/scorm_api.php
  21. 19
      main/mySpace/my_career.php
  22. 6
      plugin/ims_lti/Entity/ImsLtiTool.php
  23. 15
      src/Chamilo/CoreBundle/Entity/Sequence.php
  24. 63
      src/Chamilo/CourseBundle/Component/CourseCopy/Course.php
  25. 62
      src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
  26. 6
      src/Chamilo/PageBundle/Entity/User.php

19
main/admin/career_diagram.php
Unescape View File

@ -14,6 +14,12 @@ UPDATE extra_field_values SET updated_at = NULL WHERE CAST(updated_at AS CHAR(20
ALTER TABLE extra_field_values modify column value longtext null;
*/
use Brumann\Polyfill\Unserialize;
use Fhaculty\Graph\Graph;
use Fhaculty\Graph\Set\Edges;
use Fhaculty\Graph\Set\Vertices;
use Fhaculty\Graph\Set\VerticesMap;
$cidReset = true;
require_once __DIR__.'/../inc/global.inc.php';
@ -106,7 +112,18 @@ if (!empty($itemUrls) && !empty($itemUrls['value'])) {
$tpl = new Template(get_lang('Diagram'));
$html = Display::page_subheader2($careerInfo['name'].$urlToString);
if (!empty($item) && isset($item['value']) && !empty($item['value'])) {
$graph = unserialize($item['value']);
/** @var Graph $graph */
$graph = Unserialize::unserialize(
$item['value'],
[
'allowed_classes' => [
Graph::class,
VerticesMap::class,
Vertices::class,
Edges::class
],
]
);
$html .= Career::renderDiagramByColumn($graph, $tpl);
} else {
Display::addFlash(

6
main/admin/gradebook_list.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use Chamilo\CoreBundle\Entity\GradebookCategory;
use Doctrine\Common\Collections\Criteria;
use Knp\Component\Pager\Paginator;
@ -188,7 +189,10 @@ switch ($action) {
$options = [];
if (!empty($categoryData['depends'])) {
$list = unserialize($categoryData['depends']);
$list = Unserialize::unserialize(
$categoryData['depends'],
['allowed_classes' => false]
);
foreach ($list as $itemId) {
$courseInfo = api_get_course_info_by_id($itemId);
$options[$itemId] = $courseInfo['name'];

6
main/auth/sso/sso.Drupal.class.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
/**
@ -293,6 +294,9 @@ class ssoDrupal
*/
private function decode_cookie($cookie)
{
return unserialize(base64_decode($cookie));
return Unserialize::unserialize(
base64_decode($cookie),
['allowed_classes' => false]
);
}
}

6
main/auth/sso/sso.class.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
/**
@ -296,6 +297,9 @@ class sso
*/
private function decode_cookie($cookie)
{
return unserialize(base64_decode($cookie));
return Unserialize::unserialize(
base64_decode($cookie),
['allowed_classes' => false]
);
}
}

12
main/course_home/course_home.php
Unescape View File

@ -1,7 +1,12 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
use Fhaculty\Graph\Graph;
use Fhaculty\Graph\Set\Edges;
use Fhaculty\Graph\Set\Vertices;
use Fhaculty\Graph\Set\VerticesMap;
/**
* HOME PAGE FOR EACH COURSE.
@ -392,7 +397,12 @@ if ($allow === true) {
);
if (!empty($item) && isset($item['value']) && !empty($item['value'])) {
$graph = unserialize($item['value']);
$graph = Unserialize::unserialize(
$item['value'],
[
'allowed_classes' => [Graph::class, VerticesMap::class, Vertices::class, Edges::class],
]
);
$diagram = Career::renderDiagram($careerInfo, $graph);
}
}

16
main/exercise/hotspot_admin.inc.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
/**
@ -56,13 +57,14 @@ if ($modifyIn) {
$objAnswer = new Answer($questionId);
}
$color = unserialize($color);
$reponse = unserialize($reponse);
$comment = unserialize($comment);
$weighting = unserialize($weighting);
$hotspot_coordinates = unserialize($hotspot_coordinates);
$hotspot_type = unserialize($hotspot_type);
$destination = unserialize($destination);
$color = Unserialize::unserialize($color, ['allowed_classes' => false]);
$reponse = Unserialize::unserialize($reponse, ['allowed_classes' => false]);
$comment = Unserialize::unserialize($comment, ['allowed_classes' => false]);
$comment = Unserialize::unserialize($comment, ['allowed_classes' => false]);
$weighting = Unserialize::unserialize($weighting, ['allowed_classes' => false]);
$hotspot_coordinates = Unserialize::unserialize($hotspot_coordinates, ['allowed_classes' => false]);
$hotspot_type = Unserialize::unserialize($hotspot_type, ['allowed_classes' => false]);
$destination = Unserialize::unserialize($destination, ['allowed_classes' => false]);
unset($buttonBack);
}

6
main/exercise/question.class.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use Chamilo\CourseBundle\Entity\CQuizAnswer;
/**
@ -1145,7 +1146,10 @@ abstract class Question
$se_doc = $di->get_document((int) $se_ref['search_did']);
if ($se_doc !== false) {
if (($se_doc_data = $di->get_document_data($se_doc)) !== false) {
$se_doc_data = unserialize($se_doc_data);
$se_doc_data = Unserialize::unserialize(
$se_doc_data,
['allowed_classes' => false]
);
if (isset($se_doc_data[SE_DATA]['type']) &&
$se_doc_data[SE_DATA]['type'] == SE_DOCTYPE_EXERCISE_QUESTION
) {

16
main/exercise/upload_exercise.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
/**
@ -548,7 +549,20 @@ function lp_upload_quiz_action_handling()
$lpObject = Session::read('lpobject');
if (!empty($lpObject)) {
$oLP = unserialize($lpObject);
/** @var learnpath $oLP */
$oLP = Unserialize::unserialize(
$lpObject,
[
'allowed_classes' => [
learnpath::class,
learnpathItem::class,
aiccItem::class,
scormItem::class,
Link::class,
LpItem::class,
],
]
);
if (is_object($oLP)) {
if ((empty($oLP->cc)) || $oLP->cc != api_get_course_id()) {
$oLP = null;

9
main/extra/upgrade_school_calendar.php
Unescape View File

@ -2,6 +2,8 @@
/* For licensing terms, see /license.txt */
// not used??
use Brumann\Polyfill\Unserialize;
exit;
require_once '../inc/global.inc.php';
@ -28,6 +30,11 @@ $d_id = (int) $d_id;
$d_number = (int) $d_number;
$sql4 = "UPDATE set_module SET cal_day_num = $d_number WHERE id = $d_id ";
Database::query($sql4);
print_r(unserialize(Security::remove_XSS($_POST['aaa'])));
print_r(
Unserialize::unserialize(
Security::remove_XSS($_POST['aaa']),
['allowed_classes' => false]
)
);
Display::display_footer();

15
main/gradebook/lib/be/category.class.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use Chamilo\CoreBundle\Entity\GradebookCategory;
use ChamiloSession as Session;
@ -264,12 +265,16 @@ class Category implements GradebookItem
*/
public function setCourseListDependency($value)
{
$result = [];
if (@unserialize($value) !== false) {
$result = unserialize($value);
}
$this->courseDependency = [];
$this->courseDependency = $result;
$unserialized = @Unserialize::unserialize(
$value,
['allowed_classes' => false]
);
if (false !== $unserialized) {
$this->courseDependency = $unserialized;
}
}
/**

11
main/inc/lib/api.lib.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use Chamilo\CoreBundle\Entity\SettingsCurrent;
use Chamilo\CourseBundle\Entity\CItemProperty;
use Chamilo\UserBundle\Entity\User;
@ -2766,8 +2767,14 @@ function api_get_plugin_setting($plugin, $variable)
if (isset($result[$plugin])) {
$value = $result[$plugin];
if (@unserialize($value) !== false) {
$value = unserialize($value);
$unserialized = @Unserialize::unserialize(
$value,
['allowed_classes' => false]
);
if (false !== $unserialized) {
$value = $unserialized;
}
return $value;

4
main/inc/lib/array.lib.php
Unescape View File

@ -7,6 +7,8 @@
* @package chamilo.library
*/
use Brumann\Polyfill\Unserialize;
/**
* Removes duplicate values from a dimensional array.
*
@ -27,7 +29,7 @@ function array_unique_dimensional($array)
$array = array_unique($array);
foreach ($array as &$myvalue) {
$myvalue = unserialize($myvalue);
$myvalue = Unserialize::unserialize($myvalue, ['allowed_classes' => false]);
}
return $array;

10
main/inc/lib/plugin.class.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use Chamilo\CourseBundle\Entity\CTool;
/**
@ -322,10 +323,15 @@ class Plugin
$settings = $this->get_settings();
foreach ($settings as $setting) {
if ($setting['variable'] == $this->get_name().'_'.$name) {
$unserialized = @Unserialize::unserialize(
$setting['selected_value'],
['allowed_classes' => false]
);
if (!empty($setting['selected_value']) &&
@unserialize($setting['selected_value']) !== false
false !== $unserialized
) {
$setting['selected_value'] = unserialize($setting['selected_value']);
$setting['selected_value'] = $unserialized;
}
return $setting['selected_value'];

9
main/inc/lib/plugin.lib.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* See license terms in /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
/**
@ -437,8 +438,12 @@ class AppPlugin
$settings_filtered = [];
foreach ($plugin_settings as $item) {
if (!empty($item['selected_value'])) {
if (@unserialize($item['selected_value']) !== false) {
$item['selected_value'] = unserialize($item['selected_value']);
$unserialized = @Unserialize::unserialize(
$item['selected_value'],
['allowed_classes' => false]
);
if (false !== $unserialized) {
$item['selected_value'] = $unserialized;
}
}
$settings_filtered[$item['variable']] = $item['selected_value'];

7
main/inc/lib/statistics.lib.php
Unescape View File

@ -1,6 +1,8 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
/**
* This class provides some functions for statistics.
*
@ -305,7 +307,10 @@ class Statistics
} else {
if (!empty($row[2])) {
$originalData = str_replace('\\', '', $row[2]);
$row[2] = unserialize($originalData);
$row[2] = Unserialize::unserialize(
$originalData,
['allowed_classes' => false]
);
if (is_array($row[2]) && !empty($row[2])) {
$row[2] = implode_with_key(', ', $row[2]);
} else {

16
main/lp/aicc_api.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
/**
@ -35,7 +36,20 @@ require_once __DIR__.'/../inc/global.inc.php';
// Is this needed? This is probabaly done in the header file.
$file = Session::read('file');
$oLP = unserialize(Session::read('lpobject'));
/** @var learnpath $oLP */
$oLP = Unserialize::unserialize(
Session::read('lpobject'),
[
'allowed_classes' => [
learnpath::class,
learnpathItem::class,
aiccItem::class,
scormItem::class,
Link::class,
LpItem::class,
],
]
);
$oItem = $oLP->items[$oLP->current];
if (!is_object($oItem)) {
error_log('New LP - scorm_api - Could not load oItem item', 0);

16
main/lp/aicc_hacp.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
/**
@ -63,7 +64,20 @@ if ($debug > 2) {
// Is this needed? This is probabaly done in the header file.
$file = Session::read('file');
$oLP = unserialize(Session::read('lpobject'));
/** @var learnpath $oLP */
$oLP = Unserialize::unserialize(
Session::read('lpobject'),
[
'allowed_classes' => [
learnpath::class,
learnpathItem::class,
aiccItem::class,
scormItem::class,
Link::class,
LpItem::class,
],
]
);
$oItem = &$oLP->items[$oLP->current];
if (!is_object($oItem)) {
error_log('New LP - aicc_hacp - Could not load oItem item', 0);

15
main/lp/learnpath.class.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use Chamilo\CoreBundle\Entity\Repository\CourseRepository;
use Chamilo\CoreBundle\Entity\Repository\ItemPropertyRepository;
use Chamilo\CourseBundle\Component\CourseCopy\CourseArchiver;
@ -12690,7 +12691,19 @@ EOD;
$learnPath = null;
$lpObject = Session::read('lpobject');
if ($lpObject !== null) {
$learnPath = unserialize($lpObject);
$learnPath = Unserialize::unserialize(
$lpObject,
[
'allowed_classes' => [
learnpath::class,
learnpathItem::class,
aiccItem::class,
scormItem::class,
Link::class,
LpItem::class,
],
]
);
if ($debug) {
error_log('getLpFromSession: unserialize');
error_log('------getLpFromSession------');

16
main/lp/lp_controller.php
Unescape View File

@ -1,6 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use ChamiloSession as Session;
/**
@ -214,7 +215,20 @@ if (!empty($lpObject)) {
if ($debug) {
error_log(' SESSION[lpobject] is defined');
}
$oLP = unserialize($lpObject);
/** @var learnpath $olP */
$olP = Unserialize::unserialize(
$lpObject,
[
'allowed_classes' => [
learnpath::class,
learnpathItem::class,
aiccItem::class,
scormItem::class,
Link::class,
LpItem::class,
],
]
);
if (isset($oLP) && is_object($oLP)) {
if ($debug) {
error_log(' oLP is object');

14
main/lp/scorm_api.php
Unescape View File

@ -31,7 +31,19 @@ require_once __DIR__.'/../inc/global.inc.php';
$file = Session::read('file');
/** @var learnpath $oLP */
$oLP = unserialize(Session::read('lpobject'));
$oLP = Unserialize::unserialize(
Session::read('lpobject'),
[
'allowed_classes' => [
learnpath::class,
learnpathItem::class,
aiccItem::class,
scormItem::class,
Link::class,
LpItem::class,
],
]
);
/** @var learnpathItem $oItem */
$oItem = isset($oLP->items[$oLP->current]) ? $oLP->items[$oLP->current] : null;

19
main/mySpace/my_career.php
Unescape View File

@ -1,6 +1,12 @@
<?php
/* For licensing terms, see /license.txt */
use Brumann\Polyfill\Unserialize;
use Fhaculty\Graph\Graph;
use Fhaculty\Graph\Set\Edges;
use Fhaculty\Graph\Set\Vertices;
use Fhaculty\Graph\Set\VerticesMap;
require_once __DIR__.'/../inc/global.inc.php';
if (api_get_configuration_value('allow_career_diagram') == false) {
@ -41,7 +47,18 @@ foreach ($sessionCategories as $category) {
'career_diagram'
);
if ($diagram && !empty($diagram['value'])) {
$graph = unserialize($diagram['value']);
/** @var Graph $graph */
$graph = Unserialize::unserialize(
$diagram['value'],
[
'allowed_classess' => [
Graph::class,
VerticesMap::class,
Vertices::class,
Edges::class,
]
]
);
$content .= Career::renderDiagram($careerInfo, $graph);
}
}

6
plugin/ims_lti/Entity/ImsLtiTool.php
Unescape View File

@ -3,6 +3,7 @@
namespace Chamilo\PluginBundle\Entity\ImsLti;
use Brumann\Polyfill\Unserialize;
use Chamilo\CoreBundle\Entity\Course;
use Chamilo\CoreBundle\Entity\GradebookEvaluation;
use Doctrine\Common\Collections\ArrayCollection;
@ -465,7 +466,10 @@ class ImsLtiTool
*/
public function unserializePrivacy()
{
return unserialize($this->privacy);
return Unserialize::unserialize(
$this->privacy,
['allowed_classes' => false]
);
}
/**

15
src/Chamilo/CoreBundle/Entity/Sequence.php
Unescape View File

@ -5,6 +5,9 @@ namespace Chamilo\CoreBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
use Fhaculty\Graph\Graph;
use Fhaculty\Graph\Set\Edges;
use Fhaculty\Graph\Set\Vertices;
use Fhaculty\Graph\Set\VerticesMap;
use Gedmo\Mapping\Annotation as Gedmo;
/**
@ -135,7 +138,17 @@ class Sequence
*/
public function getUnSerializeGraph()
{
return unserialize($this->graph);
return Unserialize::unserialize(
$this->graph,
[
'allowed_classes' => [
Graph::class,
VerticesMap::class,
Vertices::class,
Edges::class
],
]
);
}
/**

63
src/Chamilo/CourseBundle/Component/CourseCopy/Course.php
Unescape View File

@ -3,7 +3,34 @@
namespace Chamilo\CourseBundle\Component\CourseCopy;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumCategory;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Resource;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Work;
/**
* A course-object to use in Export/Import/Backup/Copy.
@ -379,7 +406,41 @@ class Course
if (extension_loaded('igbinary')) {
$unserialized = igbinary_unserialize($course);
} else {
$unserialized = unserialize($course);
$unserialized = Unserialize::unserialize(
$course,
[
'allowed_classes' => [
Course::class,
Announcement::class,
Attendance::class,
CalendarEvent::class,
CourseCopyLearnpath::class,
CourseCopyTestCategory::class,
CourseDescription::class,
CourseSession::class,
Document::class,
Forum::class,
ForumCategory::class,
ForumPost::class,
ForumTopic::class,
Glossary::class,
GradeBookBackup::class,
Link::class,
LinkCategory::class,
Quiz::class,
QuizQuestion::class,
QuizQuestionOption::class,
ScormDocument::class,
Survey::class,
SurveyInvitation::class,
SurveyQuestion::class,
Thematic::class,
ToolIntro::class,
Wiki::class,
Work::class,
],
]
);
}
return $unserialized;

62
src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
Unescape View File

@ -3,8 +3,34 @@
namespace Chamilo\CourseBundle\Component\CourseCopy;
use Brumann\Polyfill\Unserialize;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Asset;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki;
use Chamilo\CourseBundle\Component\CourseCopy\Resources\Work;
use Symfony\Component\Filesystem\Filesystem;
/**
@ -343,7 +369,41 @@ class CourseArchiver
class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki', 'Wiki');
class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Work', 'Work');
$course = unserialize(base64_decode($contents));
$course = Unserialize::unserialize(
base64_decode($contents),
[
'allowed_classes' => [
Course::class,
Announcement::class,
Attendance::class,
CalendarEvent::class,
CourseCopyLearnpath::class,
CourseCopyTestCategory::class,
CourseDescription::class,
CourseSession::class,
Document::class,
Forum::class,
ForumCategory::class,
ForumPost::class,
ForumTopic::class,
Glossary::class,
GradeBookBackup::class,
Link::class,
LinkCategory::class,
Quiz::class,
QuizQuestion::class,
QuizQuestionOption::class,
ScormDocument::class,
Survey::class,
SurveyInvitation::class,
SurveyQuestion::class,
Thematic::class,
ToolIntro::class,
Wiki::class,
Work::class,
],
]
);
if (!in_array(
get_class($course),

6
src/Chamilo/PageBundle/Entity/User.php
Unescape View File

@ -3,6 +3,7 @@
namespace Chamilo\PageBundle\Entity;
use Brumann\Polyfill\Unserialize;
use Chamilo\CoreBundle\Entity\ExtraFieldValues;
use Chamilo\CoreBundle\Entity\UsergroupRelUser;
use Doctrine\Common\Collections\ArrayCollection;
@ -2282,7 +2283,10 @@ class User extends BaseUser
*/
public function unserialize($serialized)
{
$data = unserialize($serialized);
$data = Unserialize::unserialize(
$serialized,
['allowed_classes' => false]
);
// add a few extra elements in the array to ensure that we have enough keys when unserializing
// older data which does not include all properties.
$data = array_merge($data, array_fill(0, 2, null));

Write Preview
Loading…
Cancel
Save