13 * to license@zend.com so we can send you a copy immediately. |
13 * to license@zend.com so we can send you a copy immediately. |
14 * |
14 * |
15 * @category Zend |
15 * @category Zend |
16 * @package Zend_Serializer |
16 * @package Zend_Serializer |
17 * @subpackage Adapter |
17 * @subpackage Adapter |
18 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
18 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) |
19 * @license http://framework.zend.com/license/new-bsd New BSD License |
19 * @license http://framework.zend.com/license/new-bsd New BSD License |
20 * @version $Id: Wddx.php 25033 2012-08-17 19:50:08Z matthew $ |
20 * @version $Id$ |
21 */ |
21 */ |
22 |
22 |
23 /** @see Zend_Serializer_Adapter_AdapterAbstract */ |
23 /** @see Zend_Serializer_Adapter_AdapterAbstract */ |
24 require_once 'Zend/Serializer/Adapter/AdapterAbstract.php'; |
24 require_once 'Zend/Serializer/Adapter/AdapterAbstract.php'; |
|
25 |
|
26 /** @see Zend_Xml_Security */ |
|
27 require_once 'Zend/Xml/Security.php'; |
|
28 |
|
29 /** @see Zend_Xml_Exception */ |
|
30 require_once 'Zend/Xml/Exception.php'; |
25 |
31 |
26 /** |
32 /** |
27 * @link http://www.infoloom.com/gcaconfs/WEB/chicago98/simeonov.HTM |
33 * @link http://www.infoloom.com/gcaconfs/WEB/chicago98/simeonov.HTM |
28 * @link http://en.wikipedia.org/wiki/WDDX |
34 * @link http://en.wikipedia.org/wiki/WDDX |
29 * @category Zend |
35 * @category Zend |
30 * @package Zend_Serializer |
36 * @package Zend_Serializer |
31 * @subpackage Adapter |
37 * @subpackage Adapter |
32 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
38 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) |
33 * @license http://framework.zend.com/license/new-bsd New BSD License |
39 * @license http://framework.zend.com/license/new-bsd New BSD License |
34 */ |
40 */ |
35 class Zend_Serializer_Adapter_Wddx extends Zend_Serializer_Adapter_AdapterAbstract |
41 class Zend_Serializer_Adapter_Wddx extends Zend_Serializer_Adapter_AdapterAbstract |
36 { |
42 { |
37 /** |
43 /** |
98 |
104 |
99 if ($ret === null) { |
105 if ($ret === null) { |
100 // check if the returned NULL is valid |
106 // check if the returned NULL is valid |
101 // or based on an invalid wddx string |
107 // or based on an invalid wddx string |
102 try { |
108 try { |
103 $oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true); |
109 $simpleXml = Zend_Xml_Security::scan($wddx); |
104 $dom = new DOMDocument; |
|
105 $dom->loadXML($wddx); |
|
106 foreach ($dom->childNodes as $child) { |
|
107 if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) { |
|
108 require_once 'Zend/Serializer/Exception.php'; |
|
109 throw new Zend_Serializer_Exception( |
|
110 'Invalid XML: Detected use of illegal DOCTYPE' |
|
111 ); |
|
112 } |
|
113 } |
|
114 $simpleXml = simplexml_import_dom($dom); |
|
115 libxml_disable_entity_loader($oldLibxmlDisableEntityLoader); |
|
116 if (isset($simpleXml->data[0]->null[0])) { |
110 if (isset($simpleXml->data[0]->null[0])) { |
117 return null; // valid null |
111 return null; // valid null |
118 } |
112 } |
119 $errMsg = 'Can\'t unserialize wddx string'; |
113 $errMsg = 'Can\'t unserialize wddx string'; |
120 } catch (Exception $e) { |
114 } catch (Zend_Xml_Exception $e) { |
121 $errMsg = $e->getMessage(); |
115 $errMsg = $e->getMessage(); |
122 } |
116 } |
123 |
117 |
124 require_once 'Zend/Serializer/Exception.php'; |
118 require_once 'Zend/Serializer/Exception.php'; |
125 throw new Zend_Serializer_Exception($errMsg); |
119 throw new Zend_Serializer_Exception($errMsg); |