NTO-707 replace (un)serialize() in sfRoute caching (master) (#14)

akhumphrey · web-flow · commit 2e7543e1cdd1 · 2024-07-24T12:17:05.000+12:00
* imported changes from #11 * imported more changes from #11 * bumped version * added support for classes which extend from `sfRoute`
diff --git a/lib/autoload/sfCoreAutoload.class.php b/lib/autoload/sfCoreAutoload.class.php
@@ -9,7 +9,7 @@
  */
 
 // The current symfony version.
-define('SYMFONY_VERSION', '1.6.1.1');
+define('SYMFONY_VERSION', '1.6.1.2-dev');
 
 /**
  * sfCoreAutoload class.
diff --git a/lib/config/sfRoutingConfigHandler.class.php b/lib/config/sfRoutingConfigHandler.class.php
@@ -38,14 +38,14 @@ public function execute($configFiles)
             $routes = $route instanceof sfRouteCollection ? $route : [$name => $route];
             foreach (sfPatternRouting::flattenRoutes($routes) as $name => $route) {
                 $route->setDefaultOptions($options);
-                $data[] = sprintf('$this->routes[\'%s\'] = %s;', $name, var_export(serialize($route), true));
+                $data[] = sprintf('$this->routes[\'%s\'] = %s;', $name, var_export(json_encode($route), true));
             }
         }
 
         return sprintf(
             "<?php\n".
-                       "// auto-generated by sfRoutingConfigHandler\n".
-                       "// date: %s\n%s\n",
+            "// auto-generated by sfRoutingConfigHandler\n".
+            "// date: %s\n%s\n",
             date('Y/m/d H:i:s'),
             implode("\n", $data)
         );
diff --git a/lib/routing/sfPatternRouting.class.php b/lib/routing/sfPatternRouting.class.php
@@ -146,8 +146,14 @@ public function getRoute($name)
         $route = $this->routes[$name];
 
         if (is_string($route)) {
-            $this->routes[$name] = $route = unserialize($route);
-            $route->setDefaultParameters($this->defaultParameters);
+            $decoded = json_decode($route, true);
+            $route = is_array($decoded) ? sfRoute::jsonUnserialize($decoded) : unserialize($route);
+
+            if (is_object($route) && method_exists($route, 'setDefaultParameters')) {
+                $route->setDefaultParameters($this->defaultParameters);
+            }
+
+            $this->routes[$name] = $route;
         }
 
         return $route;
diff --git a/lib/routing/sfRoute.class.php b/lib/routing/sfRoute.class.php
@@ -13,7 +13,7 @@
  *
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
  */
-class sfRoute implements Serializable
+class sfRoute implements Serializable, JsonSerializable
 {
     protected $isBound = false;
     protected $context;
@@ -446,6 +446,41 @@ public function unserialize($serialized)
         $this->__unserialize($array);
     }
 
+    public function jsonSerialize(): array
+    {
+        return [
+            'class' => get_class($this),
+            'tokens' => $this->tokens,
+            'defaultOptions' => $this->defaultOptions,
+            'options' => $this->options,
+            'pattern' => $this->pattern,
+            'staticPrefix' => $this->staticPrefix,
+            'regex' => $this->regex,
+            'variables' => $this->variables,
+            'defaults' => $this->defaults,
+            'requirements' => $this->requirements,
+            'suffix' => $this->suffix,
+            'customToken' => $this->customToken,
+        ];
+    }
+
+    public static function jsonUnserialize(array $raw): self
+    {
+        $class = $raw['class'] ?? 'sfRoute';
+        $rebuilt = new $class(
+            $raw['pattern'],
+            $raw['defaults'],
+            $raw['requirements'],
+            $raw['options']
+        );
+
+        $rebuilt->compile();
+
+        $rebuilt->setDefaultOptions($raw['defaultOptions']);
+
+        return $rebuilt;
+    }
+
     /**
      * Generates a URL for the given parameters by using the route tokens.
      *
diff --git a/lib/storage/sfCacheSessionStorage.class.php b/lib/storage/sfCacheSessionStorage.class.php
@@ -132,16 +132,21 @@ public function initialize($options = [])
             if (null === $raw) {
                 $this->data = [];
             } else {
-                $data = @unserialize($raw);
-
-                // We test 'b:0' special case, because such a string would result
-                // in $data being === false, while raw is serialized
-                // see http://stackoverflow.com/questions/1369936/check-to-see-if-a-string-is-serialized
-                if ('b:0;' === $raw || false !== $data) {
-                    $this->data = $data;
+                $data = json_decode($raw, true);
+                if (is_array($data)) {
+                    $this->data = $this->upgradeNestedRouteObjects($data);
                 } else {
-                    // Probably an old cached value (BC)
-                    $this->data = $raw;
+                    $data = @unserialize($raw);
+
+                    // We test 'b:0' special case, because such a string would result
+                    // in $data being === false, while raw is serialized
+                    // see http://stackoverflow.com/questions/1369936/check-to-see-if-a-string-is-serialized
+                    if ('b:0;' === $raw || false !== $data) {
+                        $this->data = $data;
+                    } else {
+                        // Probably an old cached value (BC)
+                        $this->data = $raw;
+                    }
                 }
             }
 
@@ -155,6 +160,38 @@ public function initialize($options = [])
         return true;
     }
 
+    /**
+     * Recursive method to search through a json_decode()'d cache payload for
+     * any values which _would have been_ sfRoute objects before serialisation.
+     * If any are found, then also rebuilds the sfRoute object from the cached
+     * values and injects it back into the array.
+     *
+     * @param array $raw A dictionary of key => value pairs
+     */
+    protected function upgradeNestedRouteObjects(array $raw): array
+    {
+        foreach ($raw as $key => $value) {
+            if (is_array($value)) {
+                if (
+                    'route' == $key
+                    && isset(
+                        $value['pattern'],
+                        $value['defaults'],
+                        $value['requirements'],
+                        $value['options']
+                    )
+                ) {
+                    $raw[$key] = sfRoute::jsonUnserialize($value);
+                    continue;
+                }
+
+                $raw[$key] = $this->upgradeNestedRouteObjects($value);
+            }
+        }
+
+        return $raw;
+    }
+
     /**
      * Write data to this storage.
      *
@@ -235,7 +272,7 @@ public function regenerate($destroy = false)
         $this->id = md5(mt_rand(0, 999999).$_SERVER['REMOTE_ADDR'].$ua.$this->options['session_cookie_secret']);
 
         // save data to cache
-        $this->cache->set($this->id, serialize($this->data));
+        $this->cache->set($this->id, json_encode($this->data));
 
         // update session id in signed cookie
         $this->response->setCookie(
@@ -274,7 +311,7 @@ public function shutdown()
     {
         // only update cache if session has changed
         if (true === $this->dataChanged) {
-            $this->cache->set($this->id, serialize($this->data));
+            $this->cache->set($this->id, json_encode($this->data));
             if (sfConfig::get('sf_logging_enabled')) {
                 $this->dispatcher->notify(new sfEvent($this, 'application.log', ['Storing session to cache']));
             }
diff --git a/lib/util/sfBrowserBase.class.php b/lib/util/sfBrowserBase.class.php
