bug #30749 [Serializer] Added check of constuctor modifiers to AbstractNormalizer (NekaKawaii)
This PR was submitted for the 4.2 branch but it was merged into the 3.4 branch instead (closes #30749).
Discussion
----------
[Serializer] Added check of constuctor modifiers to AbstractNormalizer
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30748
| License | MIT
If constructor is not public, instantiate target object without constructor to prevent errors like `Access to non-public constructor of class Target`
Commits
-------
eb0e14c298
[Serializer] Added check of constuctor modifiers to AbstractNormalizer
This commit is contained in:
commit
cc6bfea220
|
@ -333,6 +333,10 @@ abstract class AbstractNormalizer extends SerializerAwareNormalizer implements N
|
|||
|
||||
$constructor = $this->getConstructor($data, $class, $context, $reflectionClass, $allowedAttributes);
|
||||
if ($constructor) {
|
||||
if (true !== $constructor->isPublic()) {
|
||||
return $reflectionClass->newInstanceWithoutConstructor();
|
||||
}
|
||||
|
||||
$constructorParameters = $constructor->getParameters();
|
||||
|
||||
$params = [];
|
||||
|
|
Reference in New Issue