Merge branch '4.4' into 5.2
* 4.4: [Serializer] Prevent access to private properties without getters
commit
bdf3589918
@ -111,8 +111,9 @@ class ObjectNormalizer extends AbstractObjectNormalizer
|
||||
|
||||
// properties
|
||||
foreach ($reflClass->getProperties() as $reflProperty) {
|
||||
if ($checkPropertyInitialization) {
|
||||
$isPublic = $reflProperty->isPublic();
|
||||
|
||||
if ($checkPropertyInitialization) {
|
||||
if (!$isPublic) {
|
||||
$reflProperty->setAccessible(true);
|
||||
}
|
||||
@ -120,10 +121,11 @@ class ObjectNormalizer extends AbstractObjectNormalizer
|
||||
unset($attributes[$reflProperty->name]);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$isPublic) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if ($reflProperty->isStatic() || !$this->isAllowedAttribute($object, $reflProperty->name, $format, $context)) {
|
||||
continue;
|
||||
|
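Review bot: The `if (!$isPublic) { continue; }` guard is what keeps private and protected properties out of the attribute list in this loop, and it carries no comment saying so. As rendered, it now sits after the closing brace of the `$checkPropertyInitialization` block, so it applies whether or not that branch runs, while `setAccessible(true)` stays inside the branch (presumably only for the initialization check that falls between the two hunks). I would add above the guard: `// Non-public properties are never listed here; they are reachable only through an accessor method.` That makes it less likely a later refactor folds the guard back into the conditional branch. The enclosing method starts and ends outside the hunks shown.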
@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\Serializer\Tests\Fixtures;
|
||||
|
||||
final class DummyPrivatePropertyWithoutGetter
|
||||
{
|
||||
private $foo = 'foo';
|
||||
private $bar = 'bar';
|
||||
|
||||
public function getBar()
|
||||
{
|
||||
return $this->bar;
|
||||
}
|
||||
}
|
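Review bot: The fixture only covers `private` properties, while the guard this commit relies on in ObjectNormalizer is `!$isPublic`, which also covers `protected`. Adding a property such as `protected $baz = 'baz';` with no getter would pin that case too. The expected output of the new test would stay `['bar' => 'bar']`.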
@ -33,6 +33,7 @@ use Symfony\Component\Serializer\Serializer;
|
||||
use Symfony\Component\Serializer\SerializerInterface;
|
||||
use Symfony\Component\Serializer\Tests\Fixtures\Annotations\GroupDummy;
|
||||
use Symfony\Component\Serializer\Tests\Fixtures\CircularReferenceDummy;
|
||||
use Symfony\Component\Serializer\Tests\Fixtures\DummyPrivatePropertyWithoutGetter;
|
||||
use Symfony\Component\Serializer\Tests\Fixtures\OtherSerializedNameDummy;
|
||||
use Symfony\Component\Serializer\Tests\Fixtures\Php74Dummy;
|
||||
use Symfony\Component\Serializer\Tests\Fixtures\Php74DummyPrivate;
|
||||
@ -140,6 +141,15 @@ class ObjectNormalizerTest extends TestCase
|
||||
);
|
||||
}
|
||||
|
||||
public function testNormalizeObjectWithPrivatePropertyWithoutGetter()
|
||||
{
|
||||
$obj = new DummyPrivatePropertyWithoutGetter();
|
||||
$this->assertEquals(
|
||||
['bar' => 'bar'],
|
||||
$this->normalizer->normalize($obj, 'any')
|
||||
);
|
||||
}
|
||||
|
||||
public function testDenormalize()
|
||||
{
|
||||
$obj = $this->normalizer->denormalize(
|
||||
|
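Review bot: `assertEquals` in `testNormalizeObjectWithPrivatePropertyWithoutGetter` compares loosely; `$this->assertSame(['bar' => 'bar'], $this->normalizer->normalize($obj, 'any'));` would pin both the exact key set and the value types. A one-line comment such as `// 'foo' is private and has no getter, so it must not appear in the output` would also make the regression being guarded obvious to the next reader.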