Fix unserializeArray on nonserialized string

[Hanmac]

Description (*)

Related Pull Requests

Fixed Issues (if relevant)

1. Fixes UnserializeArray in Mage_Sales_Model_Quote_Item::compare causes exception and password leak #4383

Manual testing scenarios (*)

1. Login
2. Put Product into Cart with option Text "abc"
3. Logout
4. Put Product into Cart with option Text "def"
5. Login again, how it tries to Merge the Quotes

Questions or comments

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All automated tests passed successfully (all builds are green)
• Add yourself to contributors list

[sreichel]

There is Mage_Core_Helper_String::isSerializedArrayOrObject()

Maybe thats better?

[Hanmac]

There is Mage_Core_Helper_String::isSerializedArrayOrObject()

Maybe thats better?

Oh nice, my old code didn't have that yet

[sreichel]

Is it needed? (#4383 (comment))

[Hanmac]

Is it needed? (#4383 (comment))

Not really?

For this PR, the type is already checked with if (is_string($itemOptionValue) && is_string($optionValue)) {
So they can only be string.

This check was for Strings that aren't serialized

[sreichel]

If i got your comment right, the isse was fixed with updating your code.

For me everything works, no need for changes. (Something i miss?)

[Hanmac]

If i got your comment right, the isse was fixed with updating your code.

For me everything works, no need for changes. (Something i miss?)

unserialize still causes an Exception when getting random string
I will make new StackTrace soon

[Hanmac]

If i got your comment right, the isse was fixed with updating your code.

For me everything works, no need for changes. (Something i miss?)

It relies on the order of the options returned by Mage_Sales_Model_Quote_Item::getOptions
and with info_buyRequest being first.

If for some reason, I currently can't reproduce, the order gets changed, or info_buyRequest gets skipped,
we get a crash like this (Tested with 20.3.0):

Exception: Error unserializing data. in /var/www/magento19-native/app/code/core/Mage/Core/Helper/UnserializeArray.php:34
Stack trace:
#0 /var/www/magento19-native/app/code/core/Mage/Sales/Model/Quote/Item.php(523): Mage_Core_Helper_UnserializeArray->unserialize('what')
#1 /var/www/magento19-native/app/code/core/Mage/Sales/Model/Quote.php(1876): Mage_Sales_Model_Quote_Item->compare(Object(Mage_Sales_Model_Quote_Item))
#2 /var/www/magento19-native/app/code/core/Mage/Checkout/Model/Session.php(294): Mage_Sales_Model_Quote->merge(Object(Mage_Sales_Model_Quote))
#3 /var/www/magento19-native/app/code/core/Mage/Checkout/Model/Observer.php(32): Mage_Checkout_Model_Session->loadCustomerQuote()
#4 /var/www/magento19-native/app/code/core/Mage/Core/Model/App.php(1448): Mage_Checkout_Model_Observer->loadCustomerQuote(Object(Varien_Event_Observer))
#5 /var/www/magento19-native/app/code/core/Mage/Core/Model/App.php(1426): Mage_Core_Model_App->_callObserverMethod(Object(Mage_Checkout_Model_Observer), 'loadCustomerQuo...', Object(Varien_Event_Observer), 'loadCustomerQuo...')
#6 /var/www/magento19-native/app/Mage.php(509): Mage_Core_Model_App->dispatchEvent('customer_login', Array)
#7 /var/www/magento19-native/app/code/core/Mage/Customer/Model/Session.php(250): Mage::dispatchEvent('customer_login', Array)
#8 /var/www/magento19-native/app/code/core/Mage/Customer/Model/Session.php(235): Mage_Customer_Model_Session->setCustomerAsLoggedIn(Object(Mage_Customer_Model_Customer))
#9 /var/www/magento19-native/app/code/core/Mage/Customer/controllers/AccountController.php(151): Mage_Customer_Model_Session->login('tester@testshop...', 'Test123')
#10 /var/www/magento19-native/app/code/core/Mage/Core/Controller/Varien/Action.php(421): Mage_Customer_AccountController->loginPostAction()
#11 /var/www/magento19-native/app/code/core/Mage/Core/Controller/Varien/Router/Standard.php(255): Mage_Core_Controller_Varien_Action->dispatch('loginPost')
#12 /var/www/magento19-native/app/code/core/Mage/Core/Controller/Varien/Front.php(181): Mage_Core_Controller_Varien_Router_Standard->match(Object(Mage_Core_Controller_Request_Http))
#13 /var/www/magento19-native/app/code/core/Mage/Core/Model/App.php(358): Mage_Core_Controller_Varien_Front->dispatch()
#14 /var/www/magento19-native/app/Mage.php(743): Mage_Core_Model_App->run(Array)
#15 /var/www/magento19-native/index.php(56): Mage::run('', 'store')
#16 {main}