Revision 82e22457
Added by Marcos M about 1 year ago
| src/etc/inc/captiveportal.inc | ||
|---|---|---|
| 1551 | 1551 |
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
|
| 1552 | 1552 |
} |
| 1553 | 1553 |
|
| 1554 |
$rules = unserialize(file_get_contents( |
|
| 1555 |
"{$g['vardb_path']}/captiveportaldn.rules"));
|
|
| 1554 |
$rules = unserialize_data(file_get_contents(
|
|
| 1555 |
"{$g['vardb_path']}/captiveportaldn.rules"), []);
|
|
| 1556 | 1556 |
$ridx = $rulenos_start; |
| 1557 | 1557 |
while ($ridx < $rulenos_range_max) {
|
| 1558 | 1558 |
if (substr($rules[$ridx], 0, strlen($cpzone . '_')) == $cpzone . '_') {
|
| ... | ... | |
| 1591 | 1591 |
|
| 1592 | 1592 |
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
|
| 1593 | 1593 |
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
|
| 1594 |
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
|
|
| 1594 |
$rules = unserialize_data(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"), array_pad(array(), 64500, false));
|
|
| 1595 | 1595 |
} else {
|
| 1596 | 1596 |
$rules = array_pad(array(), 64500, false); |
| 1597 | 1597 |
} |
| ... | ... | |
| 1612 | 1612 |
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
|
| 1613 | 1613 |
$ruleno = 0; |
| 1614 | 1614 |
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
|
| 1615 |
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
|
|
| 1615 |
$rules = unserialize_data(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"), []);
|
|
| 1616 | 1616 |
$ridx = $rulenos_start; |
| 1617 | 1617 |
while ($ridx < $rulenos_range_max) {
|
| 1618 | 1618 |
if (empty($rules[$ridx])) {
|
| ... | ... | |
| 1646 | 1646 |
|
| 1647 | 1647 |
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
|
| 1648 | 1648 |
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
|
| 1649 |
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
|
|
| 1649 |
$rules = unserialize_data(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"), []);
|
|
| 1650 | 1650 |
foreach ($rulenos as $ruleno) {
|
| 1651 | 1651 |
$rules[$ruleno] = false; |
| 1652 | 1652 |
} |
| src/etc/inc/config.lib.inc | ||
|---|---|---|
| 1029 | 1029 |
function get_backups() {
|
| 1030 | 1030 |
global $g; |
| 1031 | 1031 |
if (file_exists("{$g['cf_conf_path']}/backup/backup.cache")) {
|
| 1032 |
$confvers = unserialize(file_get_contents("{$g['cf_conf_path']}/backup/backup.cache"));
|
|
| 1032 |
$confvers = unserialize_data(file_get_contents("{$g['cf_conf_path']}/backup/backup.cache"), []);
|
|
| 1033 | 1033 |
$bakvers = array_keys($confvers); |
| 1034 | 1034 |
$toreturn = array(); |
| 1035 | 1035 |
sort($bakvers); |
| ... | ... | |
| 1067 | 1067 |
copy(g_get('cf_conf_path') . '/config.xml', $bakfilename);
|
| 1068 | 1068 |
|
| 1069 | 1069 |
if (file_exists(g_get('cf_conf_path') . '/backup/backup.cache')) {
|
| 1070 |
$backupcache = unserialize(file_get_contents(g_get('cf_conf_path') . '/backup/backup.cache'));
|
|
| 1070 |
$backupcache = unserialize_data(file_get_contents(g_get('cf_conf_path') . '/backup/backup.cache'), []);
|
|
| 1071 | 1071 |
} else {
|
| 1072 | 1072 |
$backupcache = array(); |
| 1073 | 1073 |
} |
| src/etc/inc/interfaces.inc | ||
|---|---|---|
| 5083 | 5083 |
} |
| 5084 | 5084 |
|
| 5085 | 5085 |
if (file_exists("{$g['tmp_path']}/dhcp6c_ifs")) {
|
| 5086 |
$dhcp6crealifs_run = unserialize(file_get_contents("{$g['tmp_path']}/dhcp6c_ifs"));
|
|
| 5086 |
$dhcp6crealifs_run = unserialize_data(file_get_contents("{$g['tmp_path']}/dhcp6c_ifs"), []);
|
|
| 5087 | 5087 |
} else {
|
| 5088 | 5088 |
$dhcp6crealifs_run = array(); |
| 5089 | 5089 |
} |
| src/etc/inc/system.inc | ||
|---|---|---|
| 1576 | 1576 |
} |
| 1577 | 1577 |
|
| 1578 | 1578 |
if (file_exists("{$g['tmp_path']}/.system_routes.apply")) {
|
| 1579 |
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.system_routes.apply"));
|
|
| 1579 |
$toapplylist = unserialize_data(file_get_contents("{$g['tmp_path']}/.system_routes.apply"), []);
|
|
| 1580 | 1580 |
} else {
|
| 1581 | 1581 |
$toapplylist = array(); |
| 1582 | 1582 |
} |
| 1583 | 1583 |
|
| 1584 | 1584 |
if (file_exists("{$g['tmp_path']}/staticroute_{$id}") &&
|
| 1585 | 1585 |
file_exists("{$g['tmp_path']}/staticroute_{$id}_gw")) {
|
| 1586 |
$delete_targets = unserialize(file_get_contents("{$g['tmp_path']}/staticroute_{$id}"));
|
|
| 1587 |
$delgw = lookup_gateway_ip_by_name(unserialize(file_get_contents("{$g['tmp_path']}/staticroute_{$id}_gw")));
|
|
| 1586 |
$delete_targets = unserialize_data(file_get_contents("{$g['tmp_path']}/staticroute_{$id}"), []);
|
|
| 1587 |
$delgw = lookup_gateway_ip_by_name(unserialize_data(file_get_contents("{$g['tmp_path']}/staticroute_{$id}_gw")));
|
|
| 1588 | 1588 |
if (count($delete_targets)) {
|
| 1589 | 1589 |
foreach ($delete_targets as $dts) {
|
| 1590 | 1590 |
if (is_subnetv4($dts)) {
|
| src/etc/inc/util.inc | ||
|---|---|---|
| 4575 | 4575 |
return (hash_file('sha256', $f1) == hash_file('sha256', $f2));
|
| 4576 | 4576 |
} |
| 4577 | 4577 |
|
| 4578 |
/** |
|
| 4579 |
* Helper function for unserialize() with error handling. |
|
| 4580 |
* |
|
| 4581 |
* @param ?string $path Data string to unserialize |
|
| 4582 |
* @param mixed $default Value to return in case of failure |
|
| 4583 |
* @param ?array $options Options to pass to unserialize() |
|
| 4584 |
* |
|
| 4585 |
* @return mixed $data The unserialized data |
|
| 4586 |
*/ |
|
| 4587 |
function unserialize_data(?string $path, mixed $default = null, ?array $options = []):mixed {
|
|
| 4588 |
if (empty($path) || !isset($options)) {
|
|
| 4589 |
return $default; |
|
| 4590 |
} |
|
| 4591 |
|
|
| 4592 |
$data = @unserialize($path, $options); |
|
| 4593 |
|
|
| 4594 |
// check if the string was not unserialized |
|
| 4595 |
if (($data === false) && ($data == serialize(false))) {
|
|
| 4596 |
return $default; |
|
| 4597 |
} |
|
| 4598 |
|
|
| 4599 |
return $data; |
|
| 4600 |
} |
|
| 4601 |
|
|
| 4578 | 4602 |
?> |
| src/etc/rc.carpmaster | ||
|---|---|---|
| 156 | 156 |
|
| 157 | 157 |
if (is_array($resp) || !empty($resp)) { // $resp will be an array only if the communication was successful
|
| 158 | 158 |
// Contains array of connected users (will be stored in SQLite DB) |
| 159 |
$connected_users = unserialize(base64_decode($resp['connected_users']));
|
|
| 159 |
$connected_users = unserialize_data(base64_decode($resp['connected_users']), []);
|
|
| 160 | 160 |
// Contains array of active vouchers (will be stored in active vouchers db) |
| 161 |
$active_vouchers = unserialize(base64_decode($resp['active_vouchers']));
|
|
| 161 |
$active_vouchers = unserialize_data(base64_decode($resp['active_vouchers']), []);
|
|
| 162 | 162 |
// Contain bitmask of both in use and expired vouchers (will be stored in "used vouchers" db) |
| 163 |
$expired_vouchers = unserialize(base64_decode($resp['expired_vouchers']));
|
|
| 163 |
$expired_vouchers = unserialize_data(base64_decode($resp['expired_vouchers']), []);
|
|
| 164 | 164 |
// Contains array of usedmacs (will be stored in usedmacs db) |
| 165 |
$usedmacs = unserialize(base64_decode($resp['usedmacs']));
|
|
| 165 |
$usedmacs = unserialize_data(base64_decode($resp['usedmacs']), []);
|
|
| 166 | 166 |
|
| 167 | 167 |
$cpdb = captiveportal_read_db(); |
| 168 | 168 |
$unsetindexes = array_column($cpdb, 5); |
| src/usr/local/pfSense/include/www/alias-utils.inc | ||
|---|---|---|
| 741 | 741 |
$srid++; |
| 742 | 742 |
} |
| 743 | 743 |
if ($reload_static_route && file_exists($g['tmp_path'] . '/.system_routes.apply')) {
|
| 744 |
$toapplylist = unserialize(file_get_contents($g['tmp_path'] . '/.system_routes.apply'));
|
|
| 744 |
$toapplylist = unserialize_data(file_get_contents($g['tmp_path'] . '/.system_routes.apply'), []);
|
|
| 745 | 745 |
foreach ($toapplylist as $toapply) {
|
| 746 | 746 |
mwexec("{$toapply}");
|
| 747 | 747 |
} |
| src/usr/local/pfSense/include/www/backup.inc | ||
|---|---|---|
| 452 | 452 |
|
| 453 | 453 |
cleanup_backupcache(false); |
| 454 | 454 |
|
| 455 |
$raw = unserialize(file_get_contents(g_get('cf_conf_path') . "/backup/backup.cache"));
|
|
| 455 |
$raw = unserialize_data(file_get_contents(g_get('cf_conf_path') . "/backup/backup.cache"), []);
|
|
| 456 | 456 |
|
| 457 | 457 |
$backups = array(); |
| 458 | 458 |
foreach($raw as $key => $value) {
|
| src/usr/local/pfSense/include/www/firewall_virtual_ip.inc | ||
|---|---|---|
| 243 | 243 |
} |
| 244 | 244 |
|
| 245 | 245 |
if (file_exists("{$g['tmp_path']}/.firewall_virtual_ip.apply")) {
|
| 246 |
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply"));
|
|
| 246 |
$toapplylist = unserialize_data(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply"), []);
|
|
| 247 | 247 |
} else {
|
| 248 | 248 |
$toapplylist = array(); |
| 249 | 249 |
} |
| ... | ... | |
| 293 | 293 |
|
| 294 | 294 |
$check_carp = false; |
| 295 | 295 |
if (file_exists("{$g['tmp_path']}/.firewall_virtual_ip.apply")) {
|
| 296 |
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply"));
|
|
| 296 |
$toapplylist = unserialize_data(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply"), []);
|
|
| 297 | 297 |
foreach ($toapplylist as $vid => $ovip) {
|
| 298 | 298 |
if (!empty($ovip)) {
|
| 299 | 299 |
interface_vip_bring_down($ovip); |
| src/usr/local/sbin/gmirror_status_check.php | ||
|---|---|---|
| 37 | 37 |
// Check for gmirror.status |
| 38 | 38 |
if (file_exists($status_file)) {
|
| 39 | 39 |
// If it exists, read status in |
| 40 |
$previous_mirror_status = unserialize(file_get_contents($status_file));
|
|
| 40 |
$previous_mirror_status = unserialize_data(file_get_contents($status_file), []);
|
|
| 41 | 41 |
$previous_mirror_list = array_keys($previous_mirror_status); |
| 42 | 42 |
sort($previous_mirror_list); |
| 43 | 43 |
if (count($previous_mirror_status) > 0) {
|
| src/usr/local/www/diag_confbak.php | ||
|---|---|---|
| 49 | 49 |
} |
| 50 | 50 |
} |
| 51 | 51 |
|
| 52 |
$confvers = unserialize(file_get_contents(g_get('cf_conf_path') . '/backup/backup.cache'));
|
|
| 52 |
$confvers = unserialize_data(file_get_contents(g_get('cf_conf_path') . '/backup/backup.cache'), []);
|
|
| 53 | 53 |
|
| 54 | 54 |
if ($_POST['newver'] != "") {
|
| 55 | 55 |
if (config_restore(g_get('conf_path') . '/backup/config-' . $_POST['newver'] . '.xml') == 0) {
|
| src/usr/local/www/interfaces.php | ||
|---|---|---|
| 450 | 450 |
|
| 451 | 451 |
$vlan_redo = []; |
| 452 | 452 |
if (file_exists(g_get('tmp_path') . '/.interfaces.apply')) {
|
| 453 |
$toapplylist = unserialize(file_get_contents(g_get('tmp_path') . '/.interfaces.apply'));
|
|
| 453 |
$toapplylist = unserialize_data(file_get_contents(g_get('tmp_path') . '/.interfaces.apply'), []);
|
|
| 454 | 454 |
foreach ($toapplylist as $ifapply => $ifcfgo) {
|
| 455 | 455 |
$realif = get_real_interface($ifapply); |
| 456 | 456 |
$ifmtu = get_interface_mtu($realif); |
| ... | ... | |
| 1718 | 1718 |
} |
| 1719 | 1719 |
|
| 1720 | 1720 |
if (file_exists(g_get('tmp_path') . '/.interfaces.apply')) {
|
| 1721 |
$toapplylist = unserialize(file_get_contents(g_get('tmp_path') . '/.interfaces.apply'));
|
|
| 1721 |
$toapplylist = unserialize_data(file_get_contents(g_get('tmp_path') . '/.interfaces.apply'), []);
|
|
| 1722 | 1722 |
} else {
|
| 1723 | 1723 |
$toapplylist = []; |
| 1724 | 1724 |
} |
| src/usr/local/www/services_captiveportal_hasync.php | ||
|---|---|---|
| 118 | 118 |
} |
| 119 | 119 |
} else {
|
| 120 | 120 |
// Contains array of connected users (will be stored in SQLite DB) |
| 121 |
$connected_users = unserialize(base64_decode($resp['connected_users']));
|
|
| 121 |
$connected_users = unserialize_data(base64_decode($resp['connected_users']), []);
|
|
| 122 | 122 |
// Contains array of active vouchers (will be stored in active vouchers db) |
| 123 |
$active_vouchers = unserialize(base64_decode($resp['active_vouchers']));
|
|
| 123 |
$active_vouchers = unserialize_data(base64_decode($resp['active_vouchers']), []);
|
|
| 124 | 124 |
// Contain bitmask of both in use and expired vouchers (will be stored in "used vouchers" db) |
| 125 |
$expired_vouchers = unserialize(base64_decode($resp['expired_vouchers']));
|
|
| 125 |
$expired_vouchers = unserialize_data(base64_decode($resp['expired_vouchers']), []);
|
|
| 126 | 126 |
// Contains array of usedmacs (will be stored in usedmacs db) |
| 127 |
$usedmacs = unserialize(base64_decode($resp['usedmacs']));
|
|
| 127 |
$usedmacs = unserialize_data(base64_decode($resp['usedmacs']), []);
|
|
| 128 | 128 |
|
| 129 | 129 |
foreach ($connected_users as $user) {
|
| 130 | 130 |
$pipeno = captiveportal_get_next_dn_ruleno('auth');
|
| src/usr/local/www/services_pppoe.php | ||
|---|---|---|
| 37 | 37 |
|
| 38 | 38 |
if ($_POST['apply']) {
|
| 39 | 39 |
if (file_exists("{$g['tmp_path']}/.vpn_pppoe.apply")) {
|
| 40 |
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.vpn_pppoe.apply"));
|
|
| 40 |
$toapplylist = unserialize_data(file_get_contents("{$g['tmp_path']}/.vpn_pppoe.apply"), []);
|
|
| 41 | 41 |
foreach ($toapplylist as $pppoeid) {
|
| 42 | 42 |
if (!is_numeric($pppoeid)) {
|
| 43 | 43 |
continue; |
| src/usr/local/www/services_pppoe_edit.php | ||
|---|---|---|
| 268 | 268 |
} |
| 269 | 269 |
|
| 270 | 270 |
if (file_exists("{$g['tmp_path']}/.vpn_pppoe.apply")) {
|
| 271 |
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.vpn_pppoe.apply"));
|
|
| 271 |
$toapplylist = unserialize_data(file_get_contents("{$g['tmp_path']}/.vpn_pppoe.apply"), []);
|
|
| 272 | 272 |
} else {
|
| 273 | 273 |
$toapplylist = array(); |
| 274 | 274 |
} |
| src/usr/local/www/system_routes.php | ||
|---|---|---|
| 47 | 47 |
|
| 48 | 48 |
$routes_apply_file = g_get('tmp_path') . '/.system_routes.apply';
|
| 49 | 49 |
if (file_exists($routes_apply_file)) {
|
| 50 |
$toapplylist = unserialize(file_get_contents($routes_apply_file));
|
|
| 50 |
$toapplylist = unserialize_data(file_get_contents($routes_apply_file), []);
|
|
| 51 | 51 |
foreach ($toapplylist as $toapply) {
|
| 52 | 52 |
mwexec($toapply); |
| 53 | 53 |
} |
| src/usr/local/www/system_routes_edit.php | ||
|---|---|---|
| 135 | 135 |
if (!empty($oroute)) {
|
| 136 | 136 |
$staticroute_file = g_get('tmp_path') . '/staticroute_' . $id;
|
| 137 | 137 |
if (file_exists($staticroute_file)) {
|
| 138 |
$old_targets = unserialize(file_get_contents($staticroute_file));
|
|
| 138 |
$old_targets = unserialize_data(file_get_contents($staticroute_file), []);
|
|
| 139 | 139 |
} |
| 140 | 140 |
$staticroute_gw_file = $staticroute_file . '_gw'; |
| 141 | 141 |
if (file_exists($staticroute_gw_file)) {
|
| 142 |
$old_gateway = unserialize(file_get_contents($staticroute_gw_file));
|
|
| 142 |
$old_gateway = unserialize_data(file_get_contents($staticroute_gw_file), []);
|
|
| 143 | 143 |
} |
| 144 | 144 |
} |
| 145 | 145 |
|
| ... | ... | |
| 178 | 178 |
|
| 179 | 179 |
$routes_apply_file = g_get('tmp_path') . '/.system_routes.apply';
|
| 180 | 180 |
if (file_exists($routes_apply_file)) {
|
| 181 |
$toapplylist = unserialize(file_get_contents($routes_apply_file));
|
|
| 181 |
$toapplylist = unserialize_data(file_get_contents($routes_apply_file), []);
|
|
| 182 | 182 |
} else {
|
| 183 | 183 |
$toapplylist = array(); |
| 184 | 184 |
} |
| src/usr/local/www/xmlrpc.php | ||
|---|---|---|
| 872 | 872 |
|
| 873 | 873 |
return $returndata; |
| 874 | 874 |
} elseif ($arguments['op'] === 'connect_user') {
|
| 875 |
$user = unserialize(base64_decode($arguments['user']));
|
|
| 875 |
$user = unserialize_data(base64_decode($arguments['user']), []);
|
|
| 876 | 876 |
$user['attributes']['allow_time'] = $user['allow_time']; |
| 877 | 877 |
|
| 878 | 878 |
// pipeno might be different between primary and secondary |
| ... | ... | |
| 880 | 880 |
return portal_allow($user['clientip'], $user['clientmac'], $user['username'], $user['password'], null, |
| 881 | 881 |
$user['attributes'], $pipeno, $user['authmethod'], $user['context'], $user['sessionid']); |
| 882 | 882 |
} elseif ($arguments['op'] === 'disconnect_user') {
|
| 883 |
$session = unserialize(base64_decode($arguments['session']));
|
|
| 883 |
$session = unserialize_data(base64_decode($arguments['session']), []);
|
|
| 884 | 884 |
/* read database again, as pipeno might be different between primary & secondary */ |
| 885 | 885 |
$sessionid = SQLite3::escapeString($session['sessionid']); |
| 886 | 886 |
$local_dbentry = captiveportal_read_db("WHERE sessionid = '{$sessionid}'");
|
| ... | ... | |
| 891 | 891 |
return false; |
| 892 | 892 |
} |
| 893 | 893 |
} elseif ($arguments['op'] === 'remove_entries') {
|
| 894 |
$entries = unserialize(base64_decode($arguments['entries']));
|
|
| 894 |
$entries = unserialize_data(base64_decode($arguments['entries']), []);
|
|
| 895 | 895 |
|
| 896 | 896 |
return captiveportal_remove_entries($entries, true); |
| 897 | 897 |
} elseif ($arguments['op'] === 'disconnect_all') {
|
| 898 |
$arguments = unserialize(base64_decode($arguments['arguments']));
|
|
| 898 |
$arguments = unserialize_data(base64_decode($arguments['arguments']), []);
|
|
| 899 | 899 |
|
| 900 | 900 |
return captiveportal_disconnect_all($arguments['term_cause'], $arguments['logout_reason'], true); |
| 901 | 901 |
} elseif ($arguments['op'] === 'write_vouchers') {
|
| 902 |
$arguments = unserialize(base64_decode($arguments['arguments']));
|
|
| 902 |
$arguments = unserialize_data(base64_decode($arguments['arguments']), []);
|
|
| 903 | 903 |
|
| 904 | 904 |
if (is_array($arguments['active_and_used_vouchers_bitmasks'])) {
|
| 905 | 905 |
foreach ($arguments['active_and_used_vouchers_bitmasks'] as $roll => $used) {
|
| ... | ... | |
| 917 | 917 |
} |
| 918 | 918 |
return true; |
| 919 | 919 |
} elseif ($arguments['op'] === 'write_usedmacs') {
|
| 920 |
$arguments = unserialize(base64_decode($arguments['arguments']));
|
|
| 920 |
$arguments = unserialize_data(base64_decode($arguments['arguments']), []);
|
|
| 921 | 921 |
|
| 922 | 922 |
captiveportal_write_usedmacs_db($arguments['usedmacs']); |
| 923 | 923 |
return true; |
Also available in: Unified diff
Add a helper function for unserialize(). Fix #15423
For calls to unserialize() which do not check for errors, use the
helper function instead.