diogo
/
symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug #30749 [Serializer] Added check of constuctor modifiers to AbstractNormalizer (NekaKawaii) 

This PR was submitted for the 4.2 branch but it was merged into the 3.4 branch instead (closes #30749).

Discussion
----------

[Serializer] Added check of constuctor modifiers to AbstractNormalizer

| Q             | A
| ------------- | ---
| Branch?       |  4.2
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #30748
| License       | MIT

If constructor is not public, instantiate target object without constructor to prevent errors like `Access to non-public constructor of class Target`

Commits
-------

eb0e14c298 [Serializer] Added check of constuctor modifiers to AbstractNormalizer
This commit is contained in:
Fabien Potencier 2019-03-30 08:26:43 +01:00
parent 2b734606b8 eb0e14c298
commit cc6bfea220
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php
View File

@ -333,6 +333,10 @@ abstract class AbstractNormalizer extends SerializerAwareNormalizer implements N
$constructor = $this->getConstructor($data, $class, $context, $reflectionClass, $allowedAttributes);
if ($constructor) {
if (true !== $constructor->isPublic()) {
return $reflectionClass->newInstanceWithoutConstructor();
}
$constructorParameters = $constructor->getParameters();
$params = [];