This repository was archived by the owner on Jan 31, 2020. It is now read-only.

Commit a31700f

committed
Incorporated feedback for #9
- Re-instated regex for detecting serialized strings.
- Added data providers to both changed test methods to provide multiple values and expected exception message strings.
1 parent 19b7d64 commit a31700f


2 files changed

+46
-9
lines changed


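--- a/src/Adapter/PhpSerialize.php
+++ b/src/Adapter/PhpSerialize.php
@@ -64,8 +64,18 @@ public function serialize($value)
 */
 public function unserialize($serialized)
 {
-if (!is_string($serialized)) {
-throw new Exception\RuntimeException('Serialized data must be a string');
+if (! is_string($serialized) || ! preg_match('/^((s|i|d|b|a|O|C):|N;)/', $serialized)) {
+$value = $serialized;
+if (is_object($value)) {
+$value = get_class($value);
+} elseif (! is_string($value)) {
+$value = gettype($value);
+}
+
+throw new Exception\RuntimeException(sprintf(
+'Serialized data must be a string containing serialized PHP code; received: %s',
+$value
+));
 }
 
 // If we have a serialized boolean false value, just return false;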
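Review bot: For a string that fails the prefix check, `$value = $serialized;` leaves the caller's whole input in `$value`, and the `sprintf` call then embeds it verbatim in the exception message, so an untrusted payload of any length or content can land in logs or rendered error pages. A bounded description would be safer, e.g. a final `else { $value = sprintf('string(%d)', strlen($value)); }` branch, or a fixed-length truncation; the `not-serialized` test case that expects `foobar` would need adjusting. Separately, the pattern still accepts the `O:` and `C:` prefixes, so it is a format sanity check and not a defence against object injection. The `unserialize()` call itself lies outside this hunk; a docblock line such as `Prefix check only: input must still come from a trusted source` would make that explicit, and on PHP 7+ the `allowed_classes` option is the control for restricting instantiation.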

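--- a/test/Adapter/PhpSerializeTest.php
+++ b/test/Adapter/PhpSerializeTest.php
@@ -122,20 +122,47 @@ public function testUnserializeObject()
 $this->assertEquals($expected, $data);
 }
 
-public function testUnserializingNoStringRaisesException()
+public function invalidSerializationTypes()
+{
+return [
+'null' => [null, 'NULL'],
+'true' => [true, 'boolean'],
+'false' => [false, 'boolean'],
+'zero' => [0, 'int'],
+'int' => [1, 'int'],
+'zero-float' => [0.0, 'double'],
+'float' => [1.1, 'double'],
+'array' => [['foo'], 'array'],
+'object' => [(object) ['foo' => 'bar'], 'stdClass'],
+];
+}
+
+/**
+* @dataProvider invalidSerializationTypes
+*/
+public function testUnserializingNoStringRaisesException($value, $expected)
 {
-$value = null;
 $this->setExpectedException(
 'Zend\Serializer\Exception\RuntimeException',
-'Serialized data must be a string'
+$expected
 );
 $this->adapter->unserialize($value);
 }
 
-public function testUnserializingInvalidStringRaisesException()
+public function invalidStrings()
 {
-$value = 'foobar';
-$this->setExpectedException('Zend\Serializer\Exception\RuntimeException');
-$this->adapter->unserialize($value);
+return [
+'not-serialized' => ['foobar', 'foobar'],
+'invalid-serialization' => ['a:foobar', 'Unserialization failed'],
+];
+}
+
+/**
+* @dataProvider invalidStrings
+*/
+public function testUnserializingInvalidStringRaisesException($string, $expected)
+{
+$this->setExpectedException(Serializer\Exception\RuntimeException::class, $expected);
+$this->adapter->unserialize($string);
 }
 }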
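Review bot: The `'int'` expectations in `invalidSerializationTypes()` do not match what the adapter reports: `gettype(0)` returns `integer`, so these cases presumably pass only because `setExpectedException()` matches the message by substring. The same looseness applies to `'array'`, `'double'` and `'foobar'`, which would match anywhere in the message. Pinning the suffix, e.g. `'int' => [1, 'received: integer'],`, would make each case fail if the reported type changes. The two tests also name the exception class differently (a string literal in one, `Serializer\Exception\RuntimeException::class` in the other); using the `::class` form in both would be consistent.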
