wellton/hhvm
1
0
Fork 0
Código Issues Pull Requests Ações Pacotes Projetos Versões Wiki Atividade
Arquivos
6a93844442a0f014b309e11ad296f6ef90b35ffc
hhvm/hphp/runtime/ext/ext_variable.h
T
bertrand 6a93844442 Add support for safe (un)serialization using (un)serialize() 
The unserialization of random objects may be dangerous because the destructor of the object will be called when the unserialized objects are out of scope. However, the person who wrote the class may not be aware of the danger of unserialization. Therefore, we would like to require every users of the unserialize() to provide a whitelist of the class names that are authorized to be unserialized so that we can make sure the object is safe to be unserialized.

Add a parameter 'class_whitelist' to unserialize() function to determine whether to raise warnings for unsafe unserialization. If the class to be unserialized is not an instance of Serilizable or not in the whitelist, warnings will be raised. For the detailed reason why we need this, please see http://fburl.com/SafeSerializable for more information.

Add a parameter 'all_classes_enabled' to allow  those hphp functions that need to unserialize any class. For example, fb_call_user_func_async() will need to serialize and nserialize the given parameters.
2013-04-18 13:54:55 -07:00

90 linhas
3.2 KiB
C++
Original Anotar Histórico

/*
+----------------------------------------------------------------------+
| HipHop for PHP |
+----------------------------------------------------------------------+
| Copyright (c) 2010- Facebook, Inc. (http://www.facebook.com) |
| Copyright (c) 1997-2010 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
*/
#ifndef __HPHP_VARIABLE_H__
#define __HPHP_VARIABLE_H__
#include <runtime/base/base_includes.h>
namespace HPHP {
///////////////////////////////////////////////////////////////////////////////
// type testing
bool f_is_bool(CVarRef v);
bool f_is_int(CVarRef v);
bool f_is_integer(CVarRef v);
bool f_is_long(CVarRef v);
bool f_is_double(CVarRef v);
bool f_is_float(CVarRef v);
bool f_is_numeric(CVarRef v);
bool f_is_real(CVarRef v);
bool f_is_string(CVarRef v);
bool f_is_scalar(CVarRef v);
bool f_is_array(CVarRef v);
bool f_is_object(CVarRef v);
bool f_is_resource(CVarRef v);
bool f_is_null(CVarRef v);
String f_gettype(CVarRef v);
String f_get_resource_type(CObjRef handle);
///////////////////////////////////////////////////////////////////////////////
// type conversion
int64_t f_intval(CVarRef v, int64_t base = 10);
double f_doubleval(CVarRef v);
double f_floatval(CVarRef v);
String f_strval(CVarRef v);
bool f_settype(VRefParam var, CStrRef type);
///////////////////////////////////////////////////////////////////////////////
// input/output
Variant f_print_r(CVarRef expression, bool ret = false);
Variant f_var_export(CVarRef expression, bool ret = false);
void f_var_dump(CVarRef v);
void f_var_dump(int _argc, CVarRef expression, CArrRef _argv = null_array);
void f_debug_zval_dump(CVarRef variable);
String f_serialize(CVarRef value);
Variant f_unserialize(CStrRef str,
CArrRef class_whitelist = empty_array);
///////////////////////////////////////////////////////////////////////////////
// variable table
Array f_get_defined_vars();
bool f_import_request_variables(CStrRef types, CStrRef prefix = "");
#define EXTR_OVERWRITE 0
#define EXTR_SKIP 1
#define EXTR_PREFIX_SAME 2
#define EXTR_PREFIX_ALL 3
#define EXTR_PREFIX_INVALID 4
#define EXTR_PREFIX_IF_EXISTS 5
#define EXTR_IF_EXISTS 6
#define EXTR_REFS 0x100
int64_t f_extract(CArrRef var_array, int extract_type = EXTR_OVERWRITE,
CStrRef prefix = "");
///////////////////////////////////////////////////////////////////////////////
}
#endif // __HPHP_VARIABLE_H__
Referência em uma Nova Issue Ver Git Blame Copiar Link Permanente