Prevent unintended behavior when certain objects are unserialized.

Props ehtis, xknown.


git-svn-id: https://develop.svn.wordpress.org/trunk@56835 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/Requests/src/Hooks.php

@@ -96,4 +96,8 @@ public function dispatch($hook, $parameters = []) {
 
 		return true;
 	}
+
+	public function __wakeup() {
+		throw new \LogicException( __CLASS__ . ' should never be unserialized' );
+	}
 }

src/wp-includes/Requests/src/Iri.php

@@ -717,6 +717,20 @@ public function is_valid() {
 		return true;
 	}
 
+	public function __wakeup() {
+		$class_props = get_class_vars( __CLASS__ );
+		$string_props = array( 'scheme', 'iuserinfo', 'ihost', 'port', 'ipath', 'iquery', 'ifragment' );
+		$array_props = array( 'normalization' );
+		foreach ( $class_props as $prop => $default_value ) {
+			if ( in_array( $prop, $string_props, true ) && ! is_string( $this->$prop ) ) {
+				throw new UnexpectedValueException();
+			} elseif ( in_array( $prop, $array_props, true ) && ! is_array( $this->$prop ) ) {
+				throw new UnexpectedValueException();
+			}
+			$this->$prop = null;
+		}
+	}
+
 	/**
 	 * Set the entire IRI. Returns true on success, false on failure (if there
 	 * are any invalid characters).

src/wp-includes/Requests/src/Session.php

@@ -265,6 +265,10 @@ public function request_multiple($requests, $options = []) {
 		return Requests::request_multiple($requests, $options);
 	}
 
+	public function __wakeup() {
+		throw new \LogicException( __CLASS__ . ' should never be unserialized' );
+	}
+
 	/**
 	 * Merge a request's data with the default data
 	 *

src/wp-includes/class-wp-block-patterns-registry.php

@@ -230,6 +230,21 @@ public function is_registered( $pattern_name ) {
 		return isset( $this->registered_patterns[ $pattern_name ] );
 	}
 
+	public function __wakeup() {
+		if ( ! $this->registered_patterns ) {
+			return;
+		}
+		if ( ! is_array( $this->registered_patterns ) ) {
+			throw new UnexpectedValueException();
+		}
+		foreach ( $this->registered_patterns as $value ) {
+			if ( ! is_array( $value ) ) {
+				throw new UnexpectedValueException();
+			}
+		}
+		$this->registered_patterns_outside_init = array();
+	}
+
 	/**
 	 * Utility method to retrieve the main instance of the class.
 	 *

src/wp-includes/class-wp-block-type-registry.php

@@ -168,6 +168,20 @@ public function is_registered( $name ) {
 		return isset( $this->registered_block_types[ $name ] );
 	}
 
+	public function __wakeup() {
+		if ( ! $this->registered_block_types ) {
+			return;
+		}
+		if ( ! is_array( $this->registered_block_types ) ) {
+			throw new UnexpectedValueException();
+		}
+		foreach ( $this->registered_block_types as $value ) {
+			if ( ! $value instanceof WP_Block_Type ) {
+				throw new UnexpectedValueException();
+			}
+		}
+	}
+
 	/**
 	 * Utility method to retrieve the main instance of the class.
 	 *

src/wp-includes/class-wp-theme.php

@@ -772,6 +772,28 @@ public function parent() {
 		return isset( $this->parent ) ? $this->parent : false;
 	}
 
+	/**
+	 * Perform reinitialization tasks.
+	 *
+	 * Prevents a callback from being injected during unserialization of an object.
+	 *
+	 * @return void
+	 */
+	public function __wakeup() {
+		if ( $this->parent && ! $this->parent instanceof self ) {
+			throw new UnexpectedValueException();
+		}
+		if ( $this->headers && ! is_array( $this->headers ) ) {
+			throw new UnexpectedValueException();
+		}
+		foreach ( $this->headers as $value ) {
+			if ( ! is_string( $value ) ) {
+				throw new UnexpectedValueException();
+			}
+		}
+		$this->headers_sanitized = array();
+	}
+
 	/**
 	 * Adds theme data to cache.
 	 *
@@ -1918,4 +1940,16 @@ private static function _name_sort( $a, $b ) {
 	private static function _name_sort_i18n( $a, $b ) {
 		return strnatcasecmp( $a->name_translated, $b->name_translated );
 	}
+
+	private static function _check_headers_property_has_correct_type( $headers ) {
+		if ( ! is_array( $headers ) ) {
+			return false;
+		}
+		foreach ( $headers as $key => $value ) {
+			if ( ! is_string( $key ) || ! is_string( $value ) ) {
+				return false;
+			}
+		}
+		return true;
+	}
 }