From 8c322aaba197bab1a9992b731db80d9faa133bc4 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Tue, 19 Sep 2017 22:08:29 +0200 Subject: Robustness: safer gzinflate/zlib usage Relates to https://github.com/shaarli/Shaarli/pull/846 PHP's `gzinflate()` fails with an error when being passed an empty string See: - https://bugs.php.net/bug.php?id=71395 Signed-off-by: VirtualTam --- application/FileUtils.php | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/application/FileUtils.php b/application/FileUtils.php index a167f642..918cb83b 100644 --- a/application/FileUtils.php +++ b/application/FileUtils.php @@ -50,7 +50,8 @@ class FileUtils /** * Read data from a file containing Shaarli database format content. - * If the file isn't readable or doesn't exists, default data will be returned. + * + * If the file isn't readable or doesn't exist, default data will be returned. * * @param string $file File path. * @param mixed $default The default value to return if the file isn't readable. @@ -61,16 +62,21 @@ class FileUtils { // Note that gzinflate is faster than gzuncompress. // See: http://www.php.net/manual/en/function.gzdeflate.php#96439 - if (is_readable($file)) { - return unserialize( - gzinflate( - base64_decode( - substr(file_get_contents($file), strlen(self::$phpPrefix), -strlen(self::$phpSuffix)) - ) - ) - ); + if (! is_readable($file)) { + return $default; + } + + $data = file_get_contents($file); + if ($data == '') { + return $default; } - return $default; + return unserialize( + gzinflate( + base64_decode( + substr($data, strlen(self::$phpPrefix), -strlen(self::$phpSuffix)) + ) + ) + ); } } -- cgit v1.2.3