MAGETWO-59764: Create serialize class in framework

Author: Joan He

lib/internal/Magento/Framework/Serialize/README.md

@@ -1,5 +1,8 @@
 # Serialize
 
-**Serialize** libaray provides *SerializerInterface* and multiple implementations of serializer to support different kinds of needs of serializing/unserializing of data. Here are list of serializers in this library:
+**Serialize** library provides interface *SerializerInterface* and multiple implementations:
 
- * **Json** (default) - It can be used to serialize string, integer, float, boolean, or array data to json string; it unserializes json string to string, integer, float, boolean, or array. This is the recommended serializer. 
+ * *Json* - default implementation. Uses PHP native json_encode/json_decode functions;
+ * *Serialize* - less secure than *Json*, but gives higher performance on big arrays. Uses PHP native serialize/unserialize functions, does not unserialize objects on PHP 7.
+ 
+Using *Serialize* implementation directly is discouraged, always use *SerializerInterface*, using *Serialize* implementation may lead to security vulnerabilities.

lib/internal/Magento/Framework/Serialize/Serializer/Serialize.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\Serialize\Serializer;
+
+use Magento\Framework\Serialize\SerializerInterface;
+
+/**
+ * Less secure than Json implementation, but gives higher performance on big arrays. Does not unserialize objects on
+ * PHP 7. Using this implementation directly is discouraged as it may lead to security vulnerabilities, especially on
+ * older versions of PHP
+ */
+class Serialize implements SerializerInterface
+{
+    /**
+     * {@inheritDoc}
+     */
+    public function serialize($data)
+    {
+        return serialize($data);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function unserialize($string)
+    {
+        if ($this->getPhpVersion() >= 7) {
+            return unserialize($string, ['allowed_classes' => false]);
+        }
+        return unserialize($string);
+    }
+
+    /**
+     * Return major PHP version
+     *
+     * @return int
+     */
+    private function getPhpVersion()
+    {
+        return PHP_MAJOR_VERSION;
+    }
+}

lib/internal/Magento/Framework/Serialize/Test/Unit/Serializer/SerializeTest.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\Serialize\Test\Unit\Serializer;
+
+use Magento\Framework\Serialize\Serializer\Serialize;
+use Magento\Framework\Serialize\Signer;
+use Psr\Log\LoggerInterface;
+use Magento\Framework\Serialize\InvalidSignatureException;
+
+class SerializeTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var Serialize
+     */
+    private $serialize;
+
+    protected function setUp()
+    {
+        $objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+        $this->serialize = $objectManager->getObject(Serialize::class);
+    }
+
+    /**
+     * @param string|int|float|bool|array|null $value
+     * @param string $serializedValue
+     * @dataProvider serializeDataProvider
+     */
+    public function testSerialize($value, $serializedValue)
+    {
+        $this->assertEquals($serializedValue, $this->serialize->serialize($value));
+    }
+
+    public function serializeDataProvider()
+    {
+        return [
+            ['string', 's:6:"string";'],
+            ['', 's:0:"";'],
+            [10, 'i:10;'],
+            [10.5, 'd:10.5;'],
+            [null, 'N;'],
+            [false, 'b:0;'],
+            [['foo' => 'bar'], 'a:1:{s:3:"foo";s:3:"bar";}'],
+        ];
+    }
+
+    /**
+     * @param string $serializedValue
+     * @param string|int|float|bool|array|null $value
+     * @dataProvider unserializeDataProvider
+     */
+    public function testUnserialize($serializedValue, $value)
+    {
+        $this->assertEquals($value, $this->serialize->unserialize($serializedValue));
+    }
+
+    public function unserializeDataProvider()
+    {
+        return [
+            ['s:6:"string";', 'string'],
+            ['s:0:"";', ''],
+            ['i:10;', 10],
+            ['d:10.5;', 10.5],
+            ['N;', null],
+            ['b:0;', false],
+            ['a:1:{s:3:"foo";s:3:"bar";}', ['foo' => 'bar']],
+        ];
+    }
+}