Merge pull request #857 from Codeinwp/bugfix/pro/404

Sanitized serialize data
Codeinwp · Jan 3, 2023 · 44eae71 · 44eae71
2 parents 966969e + 949573a
commit 44eae71
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 3 deletions.
diff --git a/includes/admin/abstract/class-rop-services-abstract.php b/includes/admin/abstract/class-rop-services-abstract.php
@@ -390,6 +390,10 @@ protected function is_set_not_empty( $array = array(), $list = array() ) {
 
 				return false;
 			}
+
+			if ( ! $this->is_valid_serialize_data( $array[ $key ] ) ) {
+				return false;
+			}
 		}
 
 		return true;
@@ -873,4 +877,36 @@ protected function shuffle_hashtags( $hashtags ) {
 		return $hashtags;
 	}
 
+	/**
+	 * Check is valid serialize data.
+	 *
+	 * @param string $data serialize string.
+	 * @return bool
+	 */
+	protected function is_valid_serialize_data( $data ) {
+		$valid = true;
+		if ( is_array( $data ) ) {
+			$data = array_map(
+				function( $d ) {
+					$d = base64_decode( $d, true );
+					$d = unserialize( $d, array( 'allowed_classes' => false ) );
+					if ( $d instanceof \__PHP_Incomplete_Class ) {
+						return false;
+					}
+					return true;
+				},
+				$data
+			);
+			$data  = array_filter( $data );
+			$valid = empty( $data ) ? false : true;
+		} else {
+			$data = base64_decode( $data, true );
+			$data = unserialize( $data, array( 'allowed_classes' => false ) );
+			if ( $data instanceof \__PHP_Incomplete_Class ) {
+				$valid = false;
+			}
+		}
+		return $valid;
+	}
+
 }
diff --git a/includes/admin/models/class-rop-services-model.php b/includes/admin/models/class-rop-services-model.php
@@ -121,7 +121,7 @@ public function facebook_exception_toast_remove( $accounts_list ) {
 		if ( false === $remove_toast_option ) {
 			$fb_valid_accounts = 0;
 			foreach ( $accounts_list as $service_key => $service_data ) {
-				if ( 'facebook' === $service_data['service'] ) {
+				if ( isset( $service_data['service'] ) && 'facebook' === $service_data['service'] ) {
 					if ( ! empty( $service_data['available_accounts'] ) ) {
 						foreach ( $service_data['available_accounts'] as $account_key => $value ) {
 							if ( true === filter_var( $value['active'], FILTER_VALIDATE_BOOLEAN ) ) {
@@ -159,7 +159,7 @@ public function update_authenticated_services( $new_auth_services ) {
 
 		foreach ( $new_auth_services as $service_key => $service_data ) {
 			$accounts = array();
-			if ( ! is_array( $service_data['available_accounts'] ) ) {
+			if ( ! isset( $service_data['available_accounts'] ) || ! is_array( $service_data['available_accounts'] ) ) {
 				$service_data['available_accounts'] = array();
 			}
 			foreach ( $service_data['available_accounts'] as $account ) {

diff --git a/tweet-old-post.php b/tweet-old-post.php
@@ -88,7 +88,7 @@ function rop_buffer_present() {
 
 	foreach ( $services as $service ) {
 
-		if ( strpos( $service['service'], 'buffer' ) !== false ) {
+		if ( isset( $service['service'] ) && strpos( $service['service'], 'buffer' ) !== false ) {
 			add_action( 'admin_notices', 'rop_buffer_present_notice' );
 
 			if ( ! function_exists( 'deactivate_plugins' ) ) {