mirror of
https://github.com/moodle/moodle.git
synced 2025-08-04 08:26:37 +02:00
MDL-70823 blocks: safer unserializing during block restore.
This commit is contained in:
Paul Holden
Sara Arjona
parent
ad524085cd
commit
c4010ec81f
14 changed files with 25 additions and 20 deletions
|
|
@ -162,6 +162,16 @@ abstract class restore_block_task extends restore_task {
|
|||
*/
|
||||
abstract public function get_configdata_encoded_attributes();
|
||||
|
||||
/**
|
||||
* Helper method to safely unserialize block configuration during restore
|
||||
*
|
||||
* @param string $configdata The original base64 encoded block config, as retrieved from the block_instances table
|
||||
* @return stdClass
|
||||
*/
|
||||
protected function decode_configdata(string $configdata): stdClass {
|
||||
return unserialize_object(base64_decode($configdata));
|
||||
}
|
||||
|
||||
/**
|
||||
* Define the contents in the activity that must be
|
||||
* processed by the link decoder
|
||||
|
|
|
|||
|
|
@ -4196,7 +4196,7 @@ class restore_block_instance_structure_step extends restore_structure_step {
|
|||
// Let's look for anything within configdata neededing processing
|
||||
// (nulls and uses of legacy file.php)
|
||||
if ($attrstotransform = $this->task->get_configdata_encoded_attributes()) {
|
||||
$configdata = (array)unserialize(base64_decode($data->configdata));
|
||||
$configdata = (array) unserialize_object(base64_decode($data->configdata));
|
||||
foreach ($configdata as $attribute => $value) {
|
||||
if (in_array($attribute, $attrstotransform)) {
|
||||
$configdata[$attribute] = $this->contentprocessor->process_cdata($value);
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ class restore_activity_results_block_task extends restore_block_task {
|
|||
$blockid = $this->get_blockid();
|
||||
|
||||
if ($configdata = $DB->get_field('block_instances', 'configdata', array('id' => $blockid))) {
|
||||
$config = unserialize(base64_decode($configdata));
|
||||
$config = $this->decode_configdata($configdata);
|
||||
if (!empty($config->activityparentid)) {
|
||||
// Get the mapping and replace it in config.
|
||||
if ($mapping = restore_dbops::get_backup_ids_record($this->get_restoreid(),
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ class restore_glossary_random_block_task extends restore_block_task {
|
|||
|
||||
// Extract block configdata and update it to point to the new glossary
|
||||
if ($configdata = $DB->get_field('block_instances', 'configdata', array('id' => $blockid))) {
|
||||
$config = unserialize(base64_decode($configdata));
|
||||
$config = $this->decode_configdata($configdata);
|
||||
if (!empty($config->glossary)) {
|
||||
if ($glossarymap = restore_dbops::get_backup_ids_record($this->get_restoreid(), 'glossary', $config->glossary)) {
|
||||
// Get glossary mapping and replace it in config
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ class restore_html_block_decode_content extends restore_decode_content {
|
|||
}
|
||||
|
||||
protected function preprocess_field($field) {
|
||||
$this->configdata = unserialize(base64_decode($field));
|
||||
$this->configdata = unserialize_object(base64_decode($field));
|
||||
return isset($this->configdata->text) ? $this->configdata->text : '';
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ class content extends \core_search\base_block {
|
|||
$this->componentname, $this->areaname);
|
||||
|
||||
// Get stdclass object with data from DB.
|
||||
$data = unserialize(base64_decode($record->configdata));
|
||||
$data = unserialize_object(base64_decode($record->configdata));
|
||||
|
||||
// Get content.
|
||||
$content = content_to_text($data->text, $data->format);
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ class block_html_edit_form extends block_edit_form {
|
|||
}
|
||||
|
||||
function set_data($defaults) {
|
||||
if (!empty($this->block->config) && is_object($this->block->config)) {
|
||||
if (!empty($this->block->config) && !empty($this->block->config->text)) {
|
||||
$text = $this->block->config->text;
|
||||
$draftid_editor = file_get_submitted_draft_itemid('config_text');
|
||||
if (empty($text)) {
|
||||
|
|
@ -61,7 +61,7 @@ class block_html_edit_form extends block_edit_form {
|
|||
}
|
||||
$defaults->config_text['text'] = file_prepare_draft_area($draftid_editor, $this->block->context->id, 'block_html', 'content', 0, array('subdirs'=>true), $currenttext);
|
||||
$defaults->config_text['itemid'] = $draftid_editor;
|
||||
$defaults->config_text['format'] = $this->block->config->format;
|
||||
$defaults->config_text['format'] = $this->block->config->format ?? FORMAT_MOODLE;
|
||||
} else {
|
||||
$text = '';
|
||||
}
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ function block_html_global_db_replace($search, $replace) {
|
|||
$instances = $DB->get_recordset('block_instances', array('blockname' => 'html'));
|
||||
foreach ($instances as $instance) {
|
||||
// TODO: intentionally hardcoded until MDL-26800 is fixed
|
||||
$config = unserialize(base64_decode($instance->configdata));
|
||||
$config = unserialize_object(base64_decode($instance->configdata));
|
||||
if (isset($config->text) and is_string($config->text)) {
|
||||
$config->text = str_replace($search, $replace, $config->text);
|
||||
$DB->update_record('block_instances', ['id' => $instance->id,
|
||||
|
|
|
|||
|
|
@ -470,7 +470,7 @@ class block_base {
|
|||
*/
|
||||
function _load_instance($instance, $page) {
|
||||
if (!empty($instance->configdata)) {
|
||||
$this->config = unserialize(base64_decode($instance->configdata));
|
||||
$this->config = unserialize_object(base64_decode($instance->configdata));
|
||||
}
|
||||
$this->instance = $instance;
|
||||
$this->context = context_block::instance($instance->id);
|
||||
|
|
|
|||
|
|
@ -66,8 +66,7 @@ class restore_quiz_results_block_task extends restore_block_task {
|
|||
|
||||
// The block was configured.
|
||||
if (!empty($configdata)) {
|
||||
|
||||
$config = unserialize(base64_decode($configdata));
|
||||
$config = $this->decode_configdata($configdata);
|
||||
$config->activityparent = 'quiz';
|
||||
$config->activityparentid = 0;
|
||||
$config->gradeformat = isset($config->gradeformat) ? $config->gradeformat : 1;
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ class backup_rss_client_block_structure_step extends backup_block_structure_step
|
|||
// Get the block
|
||||
$block = $DB->get_record('block_instances', array('id' => $this->task->get_blockid()));
|
||||
// Extract configdata
|
||||
$config = unserialize(base64_decode($block->configdata));
|
||||
$config = unserialize_object(base64_decode($block->configdata));
|
||||
// Get array of used rss feeds
|
||||
if (!empty($config->rssid)) {
|
||||
$feedids = $config->rssid;
|
||||
|
|
|
|||
|
|
@ -76,10 +76,7 @@ class restore_rss_client_block_structure_step extends restore_structure_step {
|
|||
// Get the configdata
|
||||
$configdata = $DB->get_field('block_instances', 'configdata', array('id' => $this->task->get_blockid()));
|
||||
// Extract configdata
|
||||
$config = unserialize(base64_decode($configdata));
|
||||
if (empty($config)) {
|
||||
$config = new stdClass();
|
||||
}
|
||||
$config = unserialize_object(base64_decode($configdata));
|
||||
// Set array of used rss feeds
|
||||
$config->rssid = $feedsarr;
|
||||
// Serialize back the configdata
|
||||
|
|
|
|||
|
|
@ -49,9 +49,8 @@ class block_rss_client_edit_form extends block_edit_form {
|
|||
|
||||
$insql = '';
|
||||
$params = array('userid' => $USER->id);
|
||||
$rssconfig = unserialize(base64_decode($this->block->instance->configdata));
|
||||
if ($rssconfig && !empty($rssconfig->rssid)) {
|
||||
list($insql, $inparams) = $DB->get_in_or_equal($rssconfig->rssid, SQL_PARAMS_NAMED);
|
||||
if (!empty($this->block->config) && !empty($this->block->config->rssid)) {
|
||||
list($insql, $inparams) = $DB->get_in_or_equal($this->block->config->rssid, SQL_PARAMS_NAMED);
|
||||
$insql = "OR id $insql ";
|
||||
$params += $inparams;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ class restore_tags_block_task extends restore_block_task {
|
|||
|
||||
// Extract block configdata and remove tag collection reference if this is another site. Also map contextid.
|
||||
if ($configdata = $DB->get_field('block_instances', 'configdata', array('id' => $blockid))) {
|
||||
$config = unserialize(base64_decode($configdata));
|
||||
$config = $this->decode_configdata($configdata);
|
||||
$changed = false;
|
||||
if (!empty($config->tagcoll) && $config->tagcoll > 1 && !$this->is_samesite()) {
|
||||
$config->tagcoll = 0;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue