fix: array_map missing callback

impress-org · Sep 9, 2024 · 2ef2d39 · 2ef2d39
1 parent 7b3d09b
commit 2ef2d39
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/includes/admin/admin-actions.php b/includes/admin/admin-actions.php
@@ -1,6 +1,7 @@
 <?php
 
 use Give\Framework\Database\DB;
+use Give\Helpers\Utils;
 use Give\Log\ValueObjects\LogType;
 
 /**
@@ -680,6 +681,7 @@ function showReactTable () {
 /**
  * Avoid insecure usage of `unserialize` when the data could be submitted by the user.
  *
+ * @since 3.16.1 Use Utils::giveMaybeSafeUnserialize() method
  * @since 3.5.0
  *
  * @param string $data Data that might be unserialized.
@@ -688,9 +690,7 @@ function showReactTable () {
  */
 function give_maybe_safe_unserialize($data)
 {
-    return is_serialized($data)
-        ? @unserialize(trim($data), ['allowed_classes' => false])
-        : $data;
+    return Utils::maybeSafeUnserialize($data);
 }
 
 /**

diff --git a/includes/process-donation.php b/includes/process-donation.php
@@ -152,7 +152,7 @@ function give_process_donation_form() {
 	);
 
 	// Setup donation information.
-	$user_info = array_map('give_maybe_safe_unserialize', stripslashes_deep( $user_info ));
+	$user_info = array_map('\Give\Helpers\Utils::maybeSafeUnserialize', stripslashes_deep( $user_info ));
 	$donation_data = [
 		'price'        => $price,
 		'purchase_key' => $purchase_key,

diff --git a/src/Helpers/Utils.php b/src/Helpers/Utils.php
@@ -111,4 +111,20 @@ public static function isPluginActive($plugin)
 
         return is_plugin_active($plugin);
     }
+
+    /**
+     * Avoid insecure usage of `unserialize` when the data could be submitted by the user.
+     *
+     * @since 3.16.1
+     *
+     * @param string $data Data that might be unserialized.
+     *
+     * @return mixed Unserialized data can be any type.
+     */
+    public static function maybeSafeUnserialize($data)
+    {
+        return is_serialized($data)
+            ? @unserialize(trim($data), ['allowed_classes' => false])
+            : $data;
+    }
 }