bug #29621 [Security] Prefer clone() over unserialize(serialize()) for user refreshment (chalasr)
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Prefer clone() over unserialize(serialize()) for user refreshment
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29459
| License | MIT
| Doc PR | n/a
To not hit the `serialize()` bug reported in the related ticket
Commits
-------
a8eba803a3
[Security] Prefer clone over unserialize(serialize()) for user refreshment
commit 49c21d5bce
@ -170,7 +170,7 @@ class ContextListener implements ListenerInterface
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
$refreshedUser = $provider->refreshUser($user);
|
$refreshedUser = $provider->refreshUser($user);
|
||||||
$newToken = unserialize(serialize($token));
|
$newToken = clone $token;
|
||||||
$newToken->setUser($refreshedUser);
|
$newToken->setUser($refreshedUser);
|
||||||
|
|
||||||
// tokens can be deauthenticated if the user has been changed.
|
// tokens can be deauthenticated if the user has been changed.
|
||||||
|
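Review bot: On the `$newToken = clone $token;` line, `clone` makes a shallow copy where `unserialize(serialize($token))` produced a deep one, so any object the token holds, other than the user replaced by `setUser()` on the next line, stays shared between `$token` and `$newToken`. If the token classes are expected to be safe to copy this way, a short comment here saying so would help. So would a test asserting that the original token still carries its original user and authenticated state after `$newToken->setUser($refreshedUser)`, which would keep the deauthentication logic mentioned in the following comment from silently depending on copy depth.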