MAGETWO-95386: Fixed incorrect design expretions functional

Author: roman

lib/internal/Magento/Framework/View/DesignExceptions.php

@@ -5,6 +5,10 @@
  */
 namespace Magento\Framework\View;
 
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Unserialize\Unserialize;
+use Psr\Log\LoggerInterface;
+
 /**
  * Class DesignExceptions
  */
@@ -31,19 +35,36 @@ class DesignExceptions
      */
     protected $scopeType;
 
+    /**
+     * @var Unserialize
+     */
+    private $secureUnserializer;
+
+    /**
+     * @var LoggerInterface
+     */
+    private $logger;
+
     /**
      * @param \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
      * @param string $exceptionConfigPath
      * @param string $scopeType
+     * @param Unserialize|null $secureUnserializer
+     * @param LoggerInterface|null $logger
      */
     public function __construct(
         \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig,
         $exceptionConfigPath,
-        $scopeType
+        $scopeType,
+        Unserialize $secureUnserializer = null,
+        LoggerInterface $logger = null
     ) {
         $this->scopeConfig = $scopeConfig;
         $this->exceptionConfigPath = $exceptionConfigPath;
         $this->scopeType = $scopeType;
+        $this->secureUnserializer = $secureUnserializer ?:
+            ObjectManager::getInstance()->create(Unserialize::class);
+        $this->logger = $logger ?: ObjectManager::getInstance()->create(LoggerInterface::class);
     }
 
     /**
@@ -65,12 +86,20 @@ public function getThemeByRequest(\Magento\Framework\App\Request\Http $request)
         if (!$expressions) {
             return false;
         }
-        $expressions = unserialize($expressions);
+
+        try {
+            $expressions = $this->secureUnserializer->unserialize($expressions);
+        } catch (\Exception $e) {
+            $this->logger->critical($e->getMessage());
+            return false;
+        }
+
         foreach ($expressions as $rule) {
             if (preg_match($rule['regexp'], $userAgent)) {
                 return $rule['value'];
             }
         }
+
         return false;
     }
 }