From 8ce96a9abb83e34950dfc84bd5bec11ed18da90b Mon Sep 17 00:00:00 2001
From: Marc Bennewitz
Date: Sat, 23 Jan 2016 13:52:44 +0100
Subject: [PATCH] unserialize should raise exception on not serialized input
---
 src/Adapter/PhpSerialize.php | 4 ++--
 test/Adapter/PhpSerializeTest.php | 12 ++++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/Adapter/PhpSerialize.php b/src/Adapter/PhpSerialize.php
index 5dbd92f..b04b053 100644
--- a/src/Adapter/PhpSerialize.php
+++ b/src/Adapter/PhpSerialize.php
@@ -64,8 +64,8 @@ public function serialize($value)
 */
 public function unserialize($serialized)
 {
- if (!is_string($serialized) || !preg_match('/^((s|i|d|b|a|O|C):|N;)/', $serialized)) {
- return $serialized;
+ if (!is_string($serialized)) {
+ throw new Exception\RuntimeException('Serialized data must be a string');
 }

 // If we have a serialized boolean false value, just return false;
diff --git a/test/Adapter/PhpSerializeTest.php b/test/Adapter/PhpSerializeTest.php
index 2c7b40b..cec2e1b 100644
--- a/test/Adapter/PhpSerializeTest.php
+++ b/test/Adapter/PhpSerializeTest.php
@@ -122,15 +122,19 @@ public function testUnserializeObject()
 $this->assertEquals($expected, $data);
 }

- public function testUnserializingNonserializedStringReturnsItVerbatim()
+ public function testUnserializingNoStringRaisesException()
 {
- $value = 'not a serialized string';
- $this->assertEquals($value, $this->adapter->unserialize($value));
+ $value = null;
+ $this->setExpectedException(
+ 'Zend\Serializer\Exception\RuntimeException',
+ 'Serialized data must be a string'
+ );
+ $this->adapter->unserialize($value);
 }

 public function testUnserializingInvalidStringRaisesException()
 {
- $value = 'a:foobar';
+ $value = 'foobar';
 $this->setExpectedException('Zend\Serializer\Exception\RuntimeException');
 $this->adapter->unserialize($value);
 }
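Review bot: The docblock that closes at the top of this hunk should state the new contract of unserialize(), because with the format pre-check removed every string argument now continues past the `!is_string` guard instead of being returned verbatim. The rest of the method lies outside the hunk; assuming it hands the string to PHP's native unserialize(), object payloads are treated exactly as before, since the removed pattern already accepted the `O:` and `C:` prefixes and was never a safety filter. I would add `@throws Exception\RuntimeException if $serialized is not a string or cannot be unserialized` and a line such as `Only pass data from a trusted source: unserializing may instantiate arbitrary classes.` so callers do not read the stricter input check as validation of the payload.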
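Review bot: Replacing `$value = 'a:foobar';` with `'foobar'` in testUnserializingInvalidStringRaisesException drops the only case visible in this hunk where the input carries a valid type prefix but is malformed. That path never depended on the removed pre-check, so it is worth keeping pinned alongside the new one, for example by feeding both `'foobar'` and `'a:foobar'` to the test through a data provider. The new testUnserializingNoStringRaisesException exercises only `null`; an integer and an array in the same style would cover the `!is_string` guard more fully. testUnserializeObject begins outside the hunk and the test class continues past it.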