Brix, WordPress page builder - Insecure deserialization

 787 | function brix_import_templates() {
 788 | $key = 'file';
 789 | $return = array();
 790 |
 791 | if ( ! empty( $_POST ) ) {
 792 | $is_valid_nonce = isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'brix_import_templates' );
 793 |
 794 | if ( ! $is_valid_nonce ) {
 795 | return;
 796 | }
 797 |
 798 | $can_upload = ( ! empty( $_FILES ) ) && isset( $_FILES[ $key ] );
 799 |
 800 | if ( ! $can_upload ) {
 801 | $return['type'] = 'error';
 802 | $return['message'] = __( 'Please specify a file to upload.', 'brix' );
 803 |
 804 | die( json_encode( $return ) );
 805 | }
 806 | }
 807 | else {
 808 | return;
 809 | }
 810 |
 811 | $file_data = $_FILES[ $key ];
 812 | $num = count( $file_data['name'] );
 813 |
 814 | $imported_templates_count = 0;
 815 | $skipped_templates_count = 0;
 816 | $error_templates_count = 0;
 817 | $imported_data = null;
 818 |
 819 | for ( $i=0; $i<$num; $i++ ) {
 820 | if ( ! isset( $file_data['tmp_name'] ) || ! isset( $file_data['tmp_name'][$i] ) ) {
 821 | continue;
 822 | }
 823 |
 824 | $brix_templates = brix_get_templates();
 825 | $tmp_name = $file_data['tmp_name'][$i];
 826 |
 827 | $imported_data = implode( '', file( $tmp_name ) );
 828 | $imported_data = base64_decode( $imported_data );
> 829 | $imported_data = @unserialize( $imported_data );
 830 |
 831 | if ( $imported_data == null || ! is_array( $imported_data ) ) {
 832 | $error_templates_count++;
 833 |
 834 | continue;
 835 | }
 836 |
 837 | foreach ( $imported_data as $k => $template ) {
 838 | $template_data = $template['data'];
 839 |
 840 | foreach ( $brix_templates as $user_template ) {
 841 | if ( $user_template['data'] == $template_data ) {
 842 | $skipped_templates_count++;
 843 | unset( $imported_data[$k] );
 844 | }
 845 | }
 846 | }
 847 |
 848 | if ( ! empty( $imported_data ) ) {
 849 | foreach ( $imported_data as $single_template ) {
 850 | $brix_templates[] = $single_template;
 851 | }
 852 |
 853 | $imported_templates_count += count( $imported_data );
 854 |
 855 | brix_save_templates( $brix_templates );
 856 | }
 857 | }
 858 |
 859 | if ( $imported_templates_count > 0 ) {
 860 | $return['type'] = 'success';
 861 |
 862 | if ( $skipped_templates_count > 0 ) {
 863 | if ( $error_templates_count > 0 ) {
 864 | $return['message'] = sprintf( __( 's templates imported, s templates skipped and s errors.', 'brix' ),
 865 | esc_html( $imported_templates_count ),
 866 | esc_html( $skipped_templates_count ),
 867 | esc_html( $error_templates_count )
 868 | );
 869 | }
 870 | else {
 871 | $return['message'] = sprintf( __( 's templates imported and s templates skipped.', 'brix' ),
 872 | esc_html( $imported_templates_count ),
 873 | esc_html( $skipped_templates_count )
 874 | );
 875 | }
 876 | }
 877 | else {
 878 | $return['message'] = sprintf( __( 's templates imported.', 'brix' ),
 879 | esc_html( $imported_templates_count )
 880 | );
 881 | }
 882 | }
 883 | else {
 884 | if ( $skipped_templates_count > 0 ) {
 885 | $return['type'] = 'warning';
 886 |
 887 | if ( $error_templates_count > 0 ) {
  888 |     $return['message'] = sprintf( __( 's templates skipped and s errors.', 'brix' ),
  889 |      esc_html( $skipped_templates_count ),
  890 |      esc_html( $error_templates_count )
  891 |     );
  892 |    }
  893 |    else {
  894 |     $return['message'] = sprintf( __( 's templates skipped.', 'brix' ),
  895 |      esc_html( $skipped_templates_count )
  896 |     );
  897 |    }
  898 |   }
  899 |   else {
  900 |    $return['type'] = 'error';
  901 |    $return['message'] = __( 'No templates imported: verify the uploaded file.', 'brix' );
  902 |   }
  903 |  }
  904 |
  905 |  die( json_encode( $return ) );
  906 | }
      ^ Col 0