Robustness: safer gzinflate/zlib usage

Relates to https://github.com/shaarli/Shaarli/pull/846 PHP's `gzinflate()` fails with an error when being passed an empty string See: - https://bugs.php.net/bug.php?id=71395 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-09-19 22:08:29 +02:00 · 2017-09-19 22:08:29 +02:00 · 8c322aaba1
parent e4325b1517
commit 8c322aaba1
1 changed files with 16 additions and 10 deletions
--- a/application/FileUtils.php
+++ b/application/FileUtils.php
@ -50,7 +50,8 @@ class FileUtils

    /**
     * Read data from a file containing Shaarli database format content.
-     * If the file isn't readable or doesn't exists, default data will be returned.
+     *
+     * If the file isn't readable or doesn't exist, default data will be returned.
     *
     * @param string $file    File path.
     * @param mixed  $default The default value to return if the file isn't readable.
@ -61,16 +62,21 @@ class FileUtils
    {
        // Note that gzinflate is faster than gzuncompress.
        // See: http://www.php.net/manual/en/function.gzdeflate.php#96439
-        if (is_readable($file)) {
-            return unserialize(
-                gzinflate(
-                    base64_decode(
-                        substr(file_get_contents($file), strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
-                    )
-                )
-            );
+        if (! is_readable($file)) {
+            return $default;
        }

-        return $default;
+        $data = file_get_contents($file);
+        if ($data == '') {
+            return $default;
+        }
+
+        return unserialize(
+            gzinflate(
+                base64_decode(
+                    substr($data, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
+                )
+            )
+        );
    }
 }