From 5d4ec94b038d692e6610b287e4879dd17e0eac66 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Mon, 11 Nov 2019 10:42:07 -0500
Subject: [PATCH] Fix bug: getSearchObject() followed by save() would corrupt
 database. - Only affected PostgreSQL databases. - We needed to better
 standardize the way the search object data was normalized.

---
 module/VuFind/src/VuFind/Db/Row/Search.php | 32 +++++++++++++++-------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/module/VuFind/src/VuFind/Db/Row/Search.php b/module/VuFind/src/VuFind/Db/Row/Search.php
index df00bcc2eb0..ca3c79efe9c 100644
--- a/module/VuFind/src/VuFind/Db/Row/Search.php
+++ b/module/VuFind/src/VuFind/Db/Row/Search.php
@@ -48,6 +48,22 @@ class Search extends RowGateway
         parent::__construct('id', 'search', $adapter);
     }
 
+    /**
+     * Support method to make sure that the search_object field is formatted as a
+     * string, since PostgreSQL sometimes represents it as a resource.
+     *
+     * @return void
+     */
+    protected function normalizeSearchObject()
+    {
+        // Note that if we have a resource, we need to grab the contents before
+        // saving -- this is necessary for PostgreSQL compatibility although MySQL
+        // returns a plain string
+        if (is_resource($this->search_object)) {
+            $this->search_object = stream_get_contents($this->search_object);
+        }
+    }
+
     /**
      * Get the search object from the row
      *
@@ -55,10 +71,9 @@ class Search extends RowGateway
      */
     public function getSearchObject()
     {
-        // Resource check for PostgreSQL compatibility:
-        $raw = is_resource($this->search_object)
-            ? stream_get_contents($this->search_object) : $this->search_object;
-        $result = unserialize($raw);
+        // We need to make sure the search object is a string before unserializing:
+        $this->normalizeSearchObject();
+        $result = unserialize($this->search_object);
         if (!($result instanceof \VuFind\Search\Minified)) {
             throw new \Exception('Problem decoding saved search');
         }
@@ -72,12 +87,9 @@ class Search extends RowGateway
      */
     public function save()
     {
-        // Note that if we have a resource, we need to grab the contents before
-        // saving -- this is necessary for PostgreSQL compatibility although MySQL
-        // returns a plain string
-        $this->search_object = is_resource($this->search_object)
-            ? stream_get_contents($this->search_object)
-            : $this->search_object;
+        // We can't save if the search object is a resource; make sure it's a
+        // string first:
+        $this->normalizeSearchObject();
         return parent::save();
     }
 }
-- 
GitLab