From e2700a6071ed0f4e3e598b55f4784f1d07fda49c Mon Sep 17 00:00:00 2001
From: Andrew Garrett
Date: Tue, 2 Jun 2009 12:59:05 +0000
Subject: [PATCH] Per comments on code review, use JSON instead of PHP serialization for Abuse Filter data interchange. PHP's unserialize() can expose remote code execution vulnerabilities with some input.
---
includes/GlobalFunctions.php | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 26b75bf552..41d4a6f29d 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -3127,3 +3127,17 @@ function wfArrayInsertAfter( $array, $insert, $after ) {
 return $output;
 }
+
+/* Recursively converts the parameter (an object) to an array with the same data */
+function wfObjectToArray( $object, $recursive = true ) {
+ $array = array();
+ foreach ( get_object_vars($object) as $key => $value ) {
+ if ( is_object($value) && $recursive ) {
+ $value = wfObjectToArray( $value );
+ }
+
+ $array[$key] = $value;
+ }
+
+ return $array;
+}
-- 
2.20.1
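Review bot: In `wfObjectToArray` the recursion follows only values that are themselves objects, so an object held inside an array value (for example a decoded JSON list of objects) comes back unconverted. Callers that expect plain arrays all the way down will still meet objects in what is presumably decoded interchange data, which makes later validation of that input harder to reason about. Accepting arrays as well as objects and descending into both closes the gap without changing the signature, as sketched below. The comment should also say that only properties visible to `get_object_vars()` from this scope are copied and that the argument is not type-checked. The function is complete within the hunk.

```php
function wfObjectToArray( $object, $recursive = true ) {
	$array = array();
	// Accept arrays too, so objects nested inside list values are converted.
	$vars = is_object( $object ) ? get_object_vars( $object ) : $object;
	foreach ( $vars as $key => $value ) {
		if ( $recursive && ( is_object( $value ) || is_array( $value ) ) ) {
			$value = wfObjectToArray( $value );
		}
		// … unchanged: assignment into $array and return …
```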