SUPEE-10415 prevents basket control
https://magento.stackexchange.com/questions/203763
-
19-12-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've patch a Magento version 1.9.2.4 with the SUPEE-10415 patch and I can no longer add or remove items from the basket, previous branches without the patch all work fine.
It seems to be the unserialising of the data that causes the issues as stepping through the code with a debugger shows that it fails when a null type is passed to the Unserialize_Parser.
It throws an exception 'Unsupported data type N' from within lib/Unserialize/Reader/ArrValue.php on line 88
I've got around it by adding an Unserialize_Reader_Null class file to the \lib\Unserialize\Reader directory with a read method, and a TYPE_NULL constant to the Unserialize_Parser, plus I'm now additionally checking for the null value in the Unserialize_Reader_Arr::read method, but that feels like a problem waiting to happen when the next patch comes along.
Has anyone else had this issue and found a more elegant solution?
Thanks
La solution
I've got Magento 1.9.2.4 and lib/Unserialize/Reader/Null.php was already present? contents;
<?php
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magento.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magento.com for more information.
*
* @category Unserialize
* @package Unserialize_Reader_Null
* @copyright Copyright (c) 2006-2016 X.commerce, Inc. and affiliates (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/
/**
* Class Unserialize_Reader_Null
*/
class Unserialize_Reader_Null
{
/**
* @var int
*/
protected $_status;
/**
* @var string
*/
protected $_value;
const NULL_VALUE = 'null';
const READING_VALUE = 1;
/**
* @param string $char
* @param string $prevChar
* @return string|null
*/
public function read($char, $prevChar)
{
if ($prevChar == Unserialize_Parser::SYMBOL_SEMICOLON) {
$this->_value = self::NULL_VALUE;
$this->_status = self::READING_VALUE;
return null;
}
if ($this->_status == self::READING_VALUE && $char == Unserialize_Parser::SYMBOL_SEMICOLON) {
return $this->_value;
}
return null;
}
}
The change in the patch that may have affected you (as your lib file was missing it seems) was in app/code/core/Mage/Core/Helper/String.php;
/**
* UnSerialize string
* @param $str
* @return mixed|null
* @throws Exception
*/
public function unserialize($str)
{
$reader = new Unserialize_Reader_ArrValue('data');
$prevChar = null;
for ($i = 0; $i < strlen($str); $i++) {
$char = $str[$i];
$result = $reader->read($char, $prevChar);
if (!is_null($result)) {
return $result;
}
$prevChar = $char;
}
}
Edit: these files were added via SUPEE-8788 (later updated to SUPEE-8788v2), so OP's solution is to ensure SUPEE-8788v2 was applied (this fixes some major security also) but the Reader files are available in 1.9.3.0 source if required https://github.com/OpenMage/magento-mirror/tree/1.9.3.0/lib/Unserialize/Reader
