Another update - Treat wp_content as strict, while metadata as not st…
…rict. Normal WP core updates seem to guard against injections from the admin backend ( but not from direct database injections ), so that is less of a vector than the code editor in guten which was used for security problem
bschuiling committed Sep 21, 2023
1 parent 09712fc commit 46ab46b
Showing 1 changed file with 14 additions and 3 deletions.
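--- a/build/shortpixel/replacer/src/Replacer.php
+++ b/build/shortpixel/replacer/src/Replacer.php
@@ -216,7 +216,7 @@ private function doReplaceQuery($base_url, $search_urls, $replace_urls)
 
 $post_content = $rows["post_content"];
 $post_id = $rows['ID'];
-$replaced_content = $this->replaceContent($post_content, $search_urls, $replace_urls);
+$replaced_content = $this->replaceContent($post_content, $search_urls, $replace_urls, false, true);
 
 if ($replaced_content !== $post_content)
 {
@@ -311,14 +311,25 @@ private function handleMetaData($url, $search_urls, $replace_urls)
 * @param $search String Search string
 * @param $replace String Replacement String
 * @param $in_deep Boolean. This is use to prevent serialization of sublevels. Only pass back serialized from top.
+* @param $strict_check Boolean . If true, remove all classes from serialization check and fail. This should be done on post_content, not on metadata.
 */
-private function replaceContent($content, $search, $replace, $in_deep = false)
+private function replaceContent($content, $search, $replace, $in_deep = false, $strict_check = false)
 {
 //$is_serial = false;
 if ( true === is_serialized($content))
 {
 $serialized_content = $content; // use to return content back if incomplete classes are found, prevent destroying the original information
-$content = Unserialize::unserialize($content);
+
+if (true === $strict_check)
+{
+$args = array('allowed_classes' => false);
+}
+else
+{
+$args = array('allowed_classes' => true);
+}
+
+$content = Unserialize::unserialize($content, $args);
 // bail directly on incomplete classes. In < PHP 7.2 is_object is false on incomplete objects!
 if (true === $this->checkIncomplete($content))
 {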
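Review bot: The new `$strict_check` parameter of `replaceContent` defaults to `false`, so every caller that does not opt in still reaches `Unserialize::unserialize($content, array('allowed_classes' => true))`, which lets stored serialized data be rebuilt into objects of any loaded class. Only the `post_content` call in `doReplaceQuery` passes `true`; the metadata path keeps the permissive mode, and the commit message itself says direct database writes are not guarded there. The body of `replaceContent` continues outside the hunk, so if it calls itself for nested values those calls must forward `$strict_check`, otherwise a serialized string nested inside `post_content` would presumably be decoded with the permissive default. I would make the restrictive mode the default, `private function replaceContent($content, $search, $replace, $in_deep = false, $strict_check = true)`, collapse the if/else to `$args = array('allowed_classes' => (true !== $strict_check));`, and have the metadata caller pass `false` explicitly. Better still would be a list of the class names it expects, assuming the wrapper forwards `allowed_classes` the way native `unserialize()` does.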
