Fix theme_webform_render_multifile

multifile.inc

@@ -423,7 +423,7 @@ function theme_webform_render_multifile($variables) {
   $webform_nid = $element['#webform_component']['nid'];
   $component_id = $element['#webform_component']['cid'];
   $submission_id = arg(3);
-  if ($fids = unserialize($value)) {
+  if ($fids = drupal_json_decode($value)) {
     $suffix = '';
     foreach (webform_get_multifile($fids) as $file) {
       $suffix .= '<div class="multifile-file"> ';
@@ -563,7 +563,7 @@ function _webform_validate_multifile(&$element, &$form_state) {
  * Implementation of _webform_submit_component().
  */
 function _webform_submit_multifile($component, $value) {
-  $old_fids = isset($value['_old_fids']) ? unserialize($value['_old_fids']) : NULL;
+  $old_fids = isset($value['_old_fids']) ? drupal_json_decode($value['_old_fids']) : NULL;
 
   if ($fids = $value['_fids']) {
     $files = webform_get_multifile($fids);
@@ -583,7 +583,7 @@ function _webform_submit_multifile($component, $value) {
   }
 
   if ($fids) {
-    return serialize($fids);
+    return drupal_json_encode($fids);
   }
 }
 
@@ -591,7 +591,7 @@ function _webform_submit_multifile($component, $value) {
  * Implementation of _webform_display_component().
  */
 function _webform_display_multifile($component, $value, $format = 'html') {
-  $fids = isset($value[0]) ? unserialize($value[0]) : NULL;
+  $fids = isset($value[0]) ? drupal_json_decode($value[0]) : NULL;
   return array(
      '#title' => $component['name'],
      '#value' => $fids ? webform_get_multifile($fids) : NULL,
@@ -632,7 +632,7 @@ function theme_webform_display_multifile($variables) {
  */
 function _webform_delete_multifile($component, $value) {
   // Delete a set of files on an individual submission.
-  $fids = isset($value[0]) ? unserialize($value[0]) : NULL;
+  $fids = isset($value[0]) ? drupal_json_decode($value[0]) : NULL;
   foreach (webform_get_multifile($fids) as $file) {
     file_delete($file);
   }
@@ -660,7 +660,7 @@ function _webform_analysis_multifile($component, $sids = array()) {
   $numfiles = 0;
 
   while ($data = $result->fetchAssoc()) {
-    if ($fids = unserialize($data['data'])) {
+    if ($fids = drupal_json_decode($data['data'])) {
       $counter = 0;
       foreach (webform_get_multifile($fids) as $file) {
         if (isset($file->filesize)) {
@@ -688,7 +688,7 @@ function _webform_analysis_multifile($component, $sids = array()) {
  */
 function _webform_table_multifile($component, $value) {
   $links = array();
-  if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+  if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
     foreach (webform_get_multifile($fids) as $file) {
       if (!empty($file->fid)) {
         $link = l(webform_multifile_name($file->uri), webform_multifile_url($file->uri));
@@ -720,7 +720,7 @@ function _webform_csv_headers_multifile($component, $export_options) {
 function _webform_csv_data_multifile($component, $export_options, $value) {
   $filenames = array();
   $sizes = array();
-  if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+  if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
     foreach (webform_get_multifile($fids) as $file) {
       $filenames[] = webform_multifile_url($file->uri);
       $sizes[] = (int) ($file->filesize/1024);
@@ -740,7 +740,7 @@ function _webform_csv_data_multifile($component, $export_options, $value) {
  */
 function _webform_get_files_multifile($value) {
   $files = array();
-  if ($fids = (isset($value[0]) ? unserialize($value[0]) : FALSE)) {
+  if ($fids = (isset($value[0]) ? drupal_json_decode($value[0]) : FALSE)) {
     foreach (webform_get_multifile($fids) as $file) {
       $files[] = $file;
     }
@@ -832,7 +832,7 @@ function _webform_multifile_get_files_array_value($value, $form_key) {
  */
 function _webform_attachments_multifile($component, $value) {
   static $files = array();
-  $fids = unserialize($value[0]);
+  $fids = drupal_json_decode($value[0]);
   $return_files = array();
   foreach ($fids as $fid) {
     if (!isset($files[$fid])) {

safe_unserialize.inc

+<?php
+
+/**
+ * @file
+ * Contains helper functions for webform_multifile_update_7001().
+ */
+
+/**
+ * Safe unserialize() replacement
+ * - accepts a strict subset of PHP's native serialized representation
+ * - does not unserialize objects
+ *
+ * @param string $str
+ * @return mixed
+ * @throw Exception if $str is malformed or contains unsupported types (e.g., resources, objects)
+ */
+function _safe_unserialize($str) {
+  if (empty($str) || !is_string($str)) {
+    return false;
+  }
+  $stack = array();
+  $expected = array();
+  /*
+   * states:
+   *   0 - initial state, expecting a single value or array
+   *   1 - terminal state
+   *   2 - in array, expecting end of array or a key
+   *   3 - in array, expecting value or another array
+   */
+  $state = 0;
+  while ($state != 1) {
+    $type = isset($str[0]) ? $str[0] : '';
+    if ($type == '}') {
+      $str = substr($str, 1);
+    }
+    else if ($type == 'N' && $str[1] == ';') {
+      $value = null;
+      $str = substr($str, 2);
+    }
+    else if ($type == 'b' && preg_match('/^b:([01]);/', $str, $matches)) {
+      $value = $matches[1] == '1' ? true : false;
+      $str = substr($str, 4);
+    }
+    else if ($type == 'i' && preg_match('/^i:(-?[0-9]+);(.*)/s', $str, $matches)) {
+      $value = (int) $matches[1];
+      $str = $matches[2];
+    }
+    else if ($type == 'd' && preg_match('/^d:(-?[0-9]+\.?[0-9]*(E[+-][0-9]+)?);(.*)/s', $str, $matches)) {
+      $value = (float) $matches[1];
+      $str = $matches[3];
+    }
+    else if ($type == 's' && preg_match('/^s:([0-9]+):"(.*)/s', $str, $matches) && substr($matches[2], (int) $matches[1], 2) == '";') {
+      $value = substr($matches[2], 0, (int) $matches[1]);
+      $str = substr($matches[2], (int) $matches[1] + 2);
+    }
+    else if ($type == 'a' && preg_match('/^a:([0-9]+):{(.*)/s', $str, $matches)) {
+      $expectedLength = (int) $matches[1];
+      $str = $matches[2];
+    }
+    else {
+      // object or unknown/malformed type
+      return false;
+    }
+    switch ($state) {
+      case 3: // in array, expecting value or another array
+        if ($type == 'a') {
+          $stack[] = &$list;
+          $list[$key] = array();
+          $list = &$list[$key];
+          $expected[] = $expectedLength;
+          $state = 2;
+          break;
+        }
+        if ($type != '}') {
+          $list[$key] = $value;
+          $state = 2;
+          break;
+        }
+        // missing array value
+        return false;
+      case 2: // in array, expecting end of array or a key
+        if ($type == '}') {
+          if (count($list) < end($expected)) {
+            // array size less than expected
+            return false;
+          }
+          unset($list);
+          $list = &$stack[count($stack) - 1];
+          array_pop($stack);
+          // go to terminal state if we're at the end of the root array
+          array_pop($expected);
+          if (count($expected) == 0) {
+            $state = 1;
+          }
+          break;
+        }
+        if ($type == 'i' || $type == 's') {
+          if (count($list) >= end($expected)) {
+            // array size exceeds expected length
+            return false;
+          }
+          $key = $value;
+          $state = 3;
+          break;
+        }
+        // illegal array index type
+        return false;
+      case 0: // expecting array or value
+        if ($type == 'a') {
+          $data = array();
+          $list = &$data;
+          $expected[] = $expectedLength;
+          $state = 2;
+          break;
+        }
+        if ($type != '}') {
+          $data = $value;
+          $state = 1;
+          break;
+        }
+        // not in array
+        return false;
+    }
+  }
+  if (!empty($str)) {
+    // trailing data in input
+    return false;
+  }
+  return $data;
+}
+
+/**
+ * Wrapper for _safe_unserialize() that handles exceptions and multibyte encoding issue
+ *
+ * @param string $str
+ * @return mixed
+ */
+function safe_unserialize($str) {
+  // ensure we use the byte count for strings even when strlen() is overloaded by mb_strlen()
+  if (function_exists('mb_internal_encoding') &&
+      (((int) ini_get('mbstring.func_overload')) & 2)) {
+    $mbIntEnc = mb_internal_encoding();
+    mb_internal_encoding('ASCII');
+  }
+  $out = _safe_unserialize($str);
+  if (isset($mbIntEnc)) {
+    mb_internal_encoding($mbIntEnc);
+  }
+  return $out;
+}

webform_multifile.install

@@ -30,3 +30,34 @@ function webform_multifile_requirements($phase) {
   }
   return $requirements;
 }
+
+/**
+ * Convert serialized php arrays to json encoded strings.
+ */
+function webform_multifile_update_7001(&$sandbox) {
+  $q = db_select('webform_submitted_data', 'd')
+      ->fields('d');
+  $q->join('webform_component', 'c', 'c.cid = d.cid');
+  $q->condition('c.type', 'multifile');
+  if (!isset($sandbox['total'])) {
+    $sandbox['current'] = 0;
+    $sandbox['total'] = $q->countQuery()->execute()->fetchField();
+  }
+  $q->range($sandbox['current'], 50);
+  module_load_include('inc', 'webform_multifile', 'safe_unserialize');
+  foreach ($q->execute()->fetchAll() as $data) {
+    $data->data = drupal_json_encode(safe_unserialize($data->data));
+    db_update('webform_submitted_data')
+      ->fields(array('data' => $data->data))
+      ->condition('nid', $data->nid)
+      ->condition('sid', $data->sid)
+      ->condition('cid', $data->cid)
+      ->condition('no', $data->no)
+      ->execute();
+    $sandbox['current']++;
+  }
+  $sandbox['#finished'] = 1;
+  if ($sandbox['current'] < $sandbox['total']) {
+    $sandbox['#finished'] = $sandbox['current'] / $sandbox['total'];
+  }
+}

webform_multifile.module

@@ -71,10 +71,10 @@ function webform_multifile_delete_form_submit($form, &$form_state) {
   $file = file_load($form_state['values']['fid']);
   file_delete($file);
   // Update the submission data and re-save it without the deleted fid.
-  $fids = unserialize($form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0]);
+  $fids = drupal_json_decode($form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0]);
   $key = array_search($file->fid, $fids);
   unset($fids[$key]);
-  $form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0] = serialize($fids);
+  $form_state['values']['submission']->data[$form_state['values']['component_id']]['value'][0] = drupal_json_encode($fids);
   module_load_include('inc', 'webform', 'includes/webform.submissions');
   webform_submission_update($form_state['values']['webform'], $form_state['values']['submission']);
   $form_state['redirect'] = 'node/' . $form_state['values']['webform']->nid . '/submission/' . $form_state['values']['submission']->sid . '/edit';
@@ -94,7 +94,7 @@ function webform_multifile_file_download($uri) {
   $multifile_scan = $q->execute();
   $submission_id = $submission_uid = NULL;
   while ($multifile_row = $multifile_scan->fetchAssoc()) {
-    $file_ids = unserialize($multifile_row['data']);
+    $file_ids = drupal_json_decode($multifile_row['data']);
     if (in_array($target_document->fid, $file_ids) ) {
       $submission_id = $multifile_row['sid'];
     }