Hardening Security - Unserialize DumpDataCollector
This commit is contained in:
parent
602b52041a
commit
214dbfec51
@ -183,6 +183,11 @@ class DumpDataCollector extends DataCollector implements DataDumperInterface
|
|||||||
$charset = array_pop($this->data);
|
$charset = array_pop($this->data);
|
||||||
$fileLinkFormat = array_pop($this->data);
|
$fileLinkFormat = array_pop($this->data);
|
||||||
$this->dataCount = \count($this->data);
|
$this->dataCount = \count($this->data);
|
||||||
|
foreach ($this->data as $dump) {
|
||||||
|
if (!\is_string($dump['name']) || !\is_string($dump['file']) || !\is_int($dump['line'])) {
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
self::__construct($this->stopwatch, \is_string($fileLinkFormat) || $fileLinkFormat instanceof FileLinkFormatter ? $fileLinkFormat : null, \is_string($charset) ? $charset : null);
|
self::__construct($this->stopwatch, \is_string($fileLinkFormat) || $fileLinkFormat instanceof FileLinkFormatter ? $fileLinkFormat : null, \is_string($charset) ? $charset : null);
|
||||||
}
|
}
|
||||||
@ -257,7 +262,7 @@ class DumpDataCollector extends DataCollector implements DataDumperInterface
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private function doDump(DataDumperInterface $dumper, $data, string $name, string $file, int $line)
|
private function doDump(DataDumperInterface $dumper, Data $data, string $name, string $file, int $line)
|
||||||
{
|
{
|
||||||
if ($dumper instanceof CliDumper) {
|
if ($dumper instanceof CliDumper) {
|
||||||
$contextDumper = function ($name, $file, $line, $fmt) {
|
$contextDumper = function ($name, $file, $line, $fmt) {
|
||||||
|
Reference in New Issue
Block a user