fix: add error handling for corrupted cache files in FileHandler (#9586)

Author: michalsn

system/Cache/Handlers/FileHandler.php

@@ -217,7 +217,7 @@ public function isSupported(): bool
 
     /**
      * Does the heavy lifting of actually retrieving the file and
-     * verifying it's age.
+     * verifying its age.
      *
      * @return array{data: mixed, ttl: int, time: int}|false
      */
@@ -227,7 +227,17 @@ protected function getItem(string $filename)
             return false;
         }
 
-        $data = @unserialize(file_get_contents($this->path . $filename));
+        $content = @file_get_contents($this->path . $filename);
+
+        if ($content === false) {
+            return false;
+        }
+
+        try {
+            $data = unserialize($content);
+        } catch (Throwable) {
+            return false;
+        }
 
         if (! is_array($data)) {
             return false;

tests/system/Cache/Handlers/FileHandlerTest.php

@@ -363,6 +363,30 @@ public function testGetMetaDataMiss(): void
     {
         $this->assertFalse($this->handler->getMetaData(self::$dummy));
     }
+
+    #[RequiresOperatingSystem('Linux|Darwin')]
+    public function testGetUnreadableFile(): void
+    {
+        $this->handler->save(self::$key1, 'value');
+
+        $filePath = $this->config->file['storePath'] . DIRECTORY_SEPARATOR . $this->config->prefix . self::$key1;
+
+        // Make the file unreadable
+        chmod($filePath, 0000);
+
+        $this->assertNull($this->handler->get(self::$key1));
+    }
+
+    public function testGetItemWithCorruptedData(): void
+    {
+        $filePath = $this->config->file['storePath'] . DIRECTORY_SEPARATOR . $this->config->prefix . self::$key1;
+
+        file_put_contents($filePath, 'corrupted_serialized_data_that_cannot_be_unserialized');
+
+        $this->assertFileExists($filePath);
+
+        $this->assertNull($this->handler->get(self::$key1));
+    }
 }
 
 final class BaseTestFileHandler extends FileHandler

user_guide_src/source/changelogs/v4.6.2.rst

@@ -35,6 +35,7 @@ Deprecations
 Bugs Fixed
 **********
 
+- **Cache:** Fixed a bug where a corrupted or unreadable cache file could cause an unhandled exception in ``FileHandler::getItem()``.
 - **Database:** Fixed a bug where ``when()`` and ``whenNot()`` in ``ConditionalTrait`` incorrectly evaluated certain falsy values (such as ``[]``, ``0``, ``0.0``, and ``'0'``) as truthy, causing callbacks to be executed unexpectedly. These methods now cast the condition to a boolean using ``(bool)`` to ensure consistent behavior with PHP's native truthiness.
 - **Security:** Fixed a bug where the ``sanitize_filename()`` function from the Security helper would throw an error when used in CLI requests.
 - **Session:** Fixed a bug where using the ``DatabaseHandler`` with an unsupported database driver (such as ``SQLSRV``, ``OCI8``, or ``SQLite3``) did not throw an appropriate error.