From: Andrew Garrett <werdna@users.mediawiki.org>
Date: Tue, 2 Jun 2009 12:59:05 +0000 (+0000)
Subject: Per comments on code review, use JSON instead of PHP serialization for Abuse Filter... 
X-Git-Tag: 1.31.0-rc.0~41541
X-Git-Url: http://git.cyclocoop.org/url?a=commitdiff_plain;h=e2700a6071ed0f4e3e598b55f4784f1d07fda49c;p=lhc%2Fweb%2Fwiklou.git

Per comments on code review, use JSON instead of PHP serialization for Abuse Filter data interchange. PHP's unserialize() can expose remote code execution vulnerabilities with some input.
---

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 26b75bf552..41d4a6f29d 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -3127,3 +3127,17 @@ function wfArrayInsertAfter( $array, $insert, $after ) {
 	
 	return $output;
 }
+
+/* Recursively converts the parameter (an object) to an array with the same data */
+function wfObjectToArray( $object, $recursive = true ) {
+	$array = array();
+	foreach ( get_object_vars($object) as $key => $value ) {
+		if ( is_object($value) && $recursive ) {
+			$value = wfObjectToArray( $value );
+		}
+		
+		$array[$key] = $value;
+	}
+	
+	return $array;
+}