security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (nicolas-grekas)
This PR was merged into the 4.2 branch.
This commit is contained in:
commit
5098b66336
|
@ -277,6 +277,16 @@ abstract class AbstractAdapter implements AdapterInterface, CacheInterface, Logg
|
|||
return $ok;
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
if ($this->deferred) {
|
||||
|
|
|
@ -277,6 +277,16 @@ class TagAwareAdapter implements TagAwareAdapterInterface, TagAwareCacheInterfac
|
|||
return $this->invalidateTags([]);
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
$this->commit();
|
||||
|
|
Reference in New Issue