From 90d956a8ff27f9594bb60fea8589e9cce241b566 Mon Sep 17 00:00:00 2001
From: Eugene Kazakov
Date: Thu, 18 Nov 2021 20:40:21 +0100
Subject: [PATCH] Allow only trusted classes in unserialize
---
 lib/Compose.php | 2 +-
 lib/Factory/MailboxList.php | 6 +++++-
 lib/Flags.php | 11 ++++++++++-
 lib/Ftree/Prefs/Expanded.php | 2 +-
 lib/Ftree/Prefs/Poll.php | 2 +-
 lib/LoginTasks/SystemTask/Upgrade.php | 7 +++++--
 lib/Prefs/Sort.php | 2 +-
 lib/Remote.php | 4 +++-
 lib/Search.php | 15 +++++++++++++--
 9 files changed, 40 insertions(+), 11 deletions(-)
diff --git a/lib/Compose.php b/lib/Compose.php
index 92279a058..22112f942 100644
--- a/lib/Compose.php
+++ b/lib/Compose.php
@@ -811,7 +811,7 @@ public function buildAndSendMessage(
 ));
 /* Add preferred reply language(s). */
- if ($lang = @unserialize($prefs->getValue('reply_lang'))) {
+ if ($lang = @unserialize($prefs->getValue('reply_lang'), array('allowed_classes' => false))) {
 $headers->addHeader('Accept-Language', implode(',', $lang));
 }
diff --git a/lib/Factory/MailboxList.php b/lib/Factory/MailboxList.php
index 564b44bf5..a3a99a5a2 100644
--- a/lib/Factory/MailboxList.php
+++ b/lib/Factory/MailboxList.php
@@ -57,7 +57,11 @@ public function create($mailbox)
 $mailbox = IMP_Mailbox::get($mailbox);
 if ($ob = $this->_getCache($mailbox)->get($key)) {
- $ob = @unserialize($ob);
+ $ob = @unserialize($ob, array('allowed_classes' => array( 'IMP_Mailbox_List_Virtual', 'IMP_Mailbox_List_Pop3', 'IMP_Mailbox_List', )));
 }
 if (!$ob) {
diff --git a/lib/Flags.php b/lib/Flags.php
index f7c9fdc74..6b510583c 100644
--- a/lib/Flags.php
+++ b/lib/Flags.php
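Review bot: `$lang` still goes straight into `implode(',', $lang)` on the line after the `+` line with no `is_array()` guard, and with `allowed_classes => false` a serialized object is not rejected but comes back as a truthy `__PHP_Incomplete_Class`, so a malformed or tampered `reply_lang` pref reaches implode() as a non-array and raises a TypeError on PHP 8. Tighten the condition to `if (is_array($lang = @unserialize($prefs->getValue('reply_lang'), array('allowed_classes' => false)))) {`. Separately, the second unserialize() argument only exists from PHP 7.0; if the package still lists PHP 5.x as supported, the `@`-suppressed call returns NULL there and the Accept-Language header is silently dropped, so the minimum version should be raised in the package metadata alongside this change. buildAndSendMessage() starts and ends outside the hunk.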
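Review bot: The `if (!$ob)` regeneration test on the last context line does not fire for a cache entry whose class is outside the new allow-list, because unserialize() does not reject such a payload but returns a truthy `__PHP_Incomplete_Class` instance, so a stale or tampered cache value is still passed on as the mailbox list. Replace the truthiness test with a type test, `if (!($ob instanceof IMP_Mailbox_List)) {`, on the assumption (suggested by the names but not shown here) that the `_Virtual` and `_Pop3` variants extend `IMP_Mailbox_List`; otherwise reject `__PHP_Incomplete_Class` explicitly. Also worth a comment on the `+` line that the allow-list only narrows the gadget surface: the listed classes are still built from whatever property values the cache holds and their `__wakeup`/`__destruct` hooks still run, so the cache backend remains a trust boundary. create() continues past the end of the hunk.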
@@ -71,7 +71,16 @@ public function __construct()
 }
 if ($f_list = $GLOBALS['prefs']->getValue('msgflags')) {
- $f_list = @unserialize($f_list);
+ $f_list = @unserialize($f_list, array('allowed_classes' => array( 'IMP_Flag_Imap_Answered', 'IMP_Flag_Imap_Deleted', 'IMP_Flag_Imap_Draft', 'IMP_Flag_Imap_Flagged', 'IMP_Flag_Imap_Forwarded', 'IMP_Flag_Imap_Junk', 'IMP_Flag_Imap_NotJunk', 'IMP_Flag_Imap_Seen', )));
 if (is_array($f_list)) {
 foreach ($f_list as $val) {
 $this->_userflags[$val->id] = $val;
diff --git a/lib/Ftree/Prefs/Expanded.php b/lib/Ftree/Prefs/Expanded.php
index 1dfa8a95a..5b35a8de7 100644
--- a/lib/Ftree/Prefs/Expanded.php
+++ b/lib/Ftree/Prefs/Expanded.php
@@ -41,7 +41,7 @@ public function __construct()
 {
 global $prefs;
- if (($folders = @unserialize($prefs->getValue('expanded_folders'))) &&
+ if (($folders = @unserialize($prefs->getValue('expanded_folders'), array('allowed_classes' => false))) &&
 is_array($folders)) {
 $this->_data = $folders;
 }
diff --git a/lib/Ftree/Prefs/Poll.php b/lib/Ftree/Prefs/Poll.php
index d9b2a2270..bf961091d 100644
--- a/lib/Ftree/Prefs/Poll.php
+++ b/lib/Ftree/Prefs/Poll.php
@@ -47,7 +47,7 @@ public function __construct(IMP_Ftree $ftree)
 $this->_data = array('INBOX' => 1);
 /* Add the list of polled mailboxes from the prefs. */
- if ($nav_poll = @unserialize($prefs->getValue('nav_poll'))) {
+ if ($nav_poll = @unserialize($prefs->getValue('nav_poll'), array('allowed_classes' => false))) {
 $this->_data += $nav_poll;
 }
diff --git a/lib/LoginTasks/SystemTask/Upgrade.php b/lib/LoginTasks/SystemTask/Upgrade.php
index 31112f9e3..4730b60e3 100644
--- a/lib/LoginTasks/SystemTask/Upgrade.php
+++ b/lib/LoginTasks/SystemTask/Upgrade.php
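Review bot: The allow-list on the `+` line names only eight `IMP_Flag_Imap_*` classes, yet the loop on the last context line stores every entry into `$this->_userflags`, which suggests user-created flags of some other class may be serialized into `msgflags` as well; any such entry now arrives as `__PHP_Incomplete_Class`, `$val->id` on it does not give a usable id (PHP warns and returns NULL), and the object is filed under an empty key. Check which classes the code that writes `msgflags` serializes and add the user-flag class if one exists. Independently, guard the loop with `if (!is_object($val) || $val instanceof __PHP_Incomplete_Class) { continue; }` ahead of `$this->_userflags[$val->id] = $val;` so an unexpected entry is dropped rather than stored. __construct() continues outside the hunk.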
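Review bot: `$this->_data += $nav_poll;` on the line after the `+` line still has no `is_array()` check, unlike the parallel `expanded_folders` hunk in this same patch, so a `nav_poll` pref that unserializes to a truthy non-array (a string, an int, or the `__PHP_Incomplete_Class` object that `allowed_classes => false` now yields for any serialized object) turns `array + non-array` into a fatal 'Unsupported operand types' error instead of being ignored. Bring it in line with Expanded.php: `if (($nav_poll = @unserialize($prefs->getValue('nav_poll'), array('allowed_classes' => false))) && is_array($nav_poll)) {`. The constructor starts and ends outside the hunk.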
@@ -344,7 +344,10 @@ protected function _upgradeVirtualFolders()
 $vfolders = $prefs->getValue('vfolder');
 if (!empty($vfolders)) {
- $vfolders = @unserialize($vfolders);
+ $vfolders = @unserialize($vfolders, array('allowed_classes' => array( 'IMP_Search_Vfolder_Vinbox', 'IMP_Search_Vfolder_Vtrash', )));
 }
 if (empty($vfolders) || !is_array($vfolders)) {
@@ -577,7 +580,7 @@ protected function _upgradeStationeryToTemplates()
 {
 global $injector, $prefs;
- $slist = @unserialize($prefs->getValue('stationery'));
+ $slist = @unserialize($prefs->getValue('stationery'), array('allowed_classes' => false));
 if (is_array($slist)) {
 /* Old entry format:
 * 'c' => (string) Content
diff --git a/lib/Prefs/Sort.php b/lib/Prefs/Sort.php
index 26c46766f..f9c834caf 100644
--- a/lib/Prefs/Sort.php
+++ b/lib/Prefs/Sort.php
@@ -39,7 +39,7 @@ public function __construct()
 {
 global $prefs;
- $sortpref = @unserialize($prefs->getValue(self::SORTPREF));
+ $sortpref = @unserialize($prefs->getValue(self::SORTPREF), array('allowed_classes' => false));
 if (is_array($sortpref)) {
 $this->_sortpref = $sortpref;
 }
diff --git a/lib/Remote.php b/lib/Remote.php
index ec3b7bb5a..9843599dc 100644
--- a/lib/Remote.php
+++ b/lib/Remote.php
@@ -37,7 +37,9 @@ class IMP_Remote implements ArrayAccess, IteratorAggregate
 */
 public function __construct()
 {
- $this->_accounts = @unserialize($GLOBALS['prefs']->getValue('remote')) ?: array();
+ $this->_accounts = @unserialize($GLOBALS['prefs']->getValue('remote'), array('allowed_classes' => array( 'IMP_Remote_Account', ))) ?: array();
 }
 /**
diff --git a/lib/Search.php b/lib/Search.php
index 06c4415ec..ca4130051 100644
--- a/lib/Search.php
+++ b/lib/Search.php
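Review bot: The allow-list on the `+` line admits only the two special-folder classes and leaves out the `IMP_Search_Vfolder` base, whereas the `filter` list elsewhere in this patch does include its base `IMP_Search_Filter` and lib/Search.php tests `instanceof IMP_Search_Vfolder` when reading this same `vfolder` pref; if user-created virtual folders are stored as plain `IMP_Search_Vfolder` objects, this upgrade task now sees them as `__PHP_Incomplete_Class` and whatever follows the `is_array()` check migrates broken objects or drops them. Either add `'IMP_Search_Vfolder',` to the array, or, if only the auto-created vinbox/vtrash entries are meant to pass here, say so in a comment above the call so the asymmetry with the filter list is not read as an omission. The rest of _upgradeVirtualFolders() is outside the hunk.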
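Review bot: The `?: array()` fallback on the `+` line only covers a falsy result; a `remote` pref that unserializes to a scalar, a lone object, or an array holding `__PHP_Incomplete_Class` entries (what unserialize() yields for a class outside the allow-list instead of an error) lands in `$this->_accounts` unchanged, and the ArrayAccess/IteratorAggregate methods of this class then iterate a non-array or hand out incomplete objects as accounts. Unserialize into a local and filter by type: `$accounts = @unserialize($GLOBALS['prefs']->getValue('remote'), array('allowed_classes' => array('IMP_Remote_Account')));` then `$this->_accounts = is_array($accounts) ? array_filter($accounts, function ($a) { return $a instanceof IMP_Remote_Account; }) : array();` (array_filter keeps the keys). The class body continues past the hunk.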
@@ -206,7 +206,15 @@ class_exists($cname)) {
 }
 if ($f_list = $GLOBALS['prefs']->getValue('filter')) {
- $f_list = @unserialize($f_list);
+ $f_list = @unserialize($f_list, array('allowed_classes' => array( 'IMP_Search_Filter', 'IMP_Search_Filter_Personal', 'IMP_Search_Filter_Attachment', 'IMP_Search_Filter_Autogenerated', 'IMP_Search_Filter_Contacts', 'IMP_Search_Filter_Bulk', 'IMP_Search_Filter_Mailinglist', )));
 if (is_array($f_list)) {
 foreach ($f_list as $val) {
 if ($val instanceof IMP_Search_Filter) {
@@ -296,7 +304,10 @@ class_exists($cname)) {
 }
 if ($pref_vf = $GLOBALS['prefs']->getValue('vfolder')) {
- $pref_vf = @unserialize($pref_vf);
+ $pref_vf = @unserialize($pref_vf, array('allowed_classes' => array( 'IMP_Search_Vfolder_Vinbox', 'IMP_Search_Vfolder_Vtrash', )));
 if (is_array($pref_vf)) {
 foreach ($pref_vf as $val) {
 if ($val instanceof IMP_Search_Vfolder) {
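Review bot: The `vfolder` allow-list in the second hunk names only `IMP_Search_Vfolder_Vinbox` and `IMP_Search_Vfolder_Vtrash`, while the loop two lines below tests `$val instanceof IMP_Search_Vfolder` and the `filter` list in the first hunk does include its own base class `IMP_Search_Filter`; if a user-defined virtual folder is serialized as a plain `IMP_Search_Vfolder`, it now unserializes to `__PHP_Incomplete_Class`, fails the instanceof test and silently vanishes from the user's searches, with the `@` hiding any diagnostic. Add `'IMP_Search_Vfolder',` to the array if that is a valid stored class, or otherwise add a comment above the array explaining why the base class is deliberately excluded, so the difference from the filter list is clearly intentional. The existing instanceof checks in both hunks are the right shape, since allow-listing alone never rejects a payload but only degrades disallowed classes to `__PHP_Incomplete_Class`, and they should stay. Both hunks sit inside a method whose start precedes the first hunk and whose end follows the second.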