diogo
/
symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) 

This PR was merged into the 3.4 branch.

Discussion
----------

[Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

Reported for `FilesystemCommonTrait` at https://www.intigriti.com/company/submission/CfDJ8Pja6NZvkpNCmx5vVyiGSn7yW8c1j4H0-cnAhIk6fbstOMm028X-XD1kmSuQkGB2n0cRyyVrA2yAiLN_I0EVilaKVLSiSa0UXZJGfN1h85vmk5c2dBBpu619r1YQEIjcXA

Commits
-------

4fb9752816 Prevent destructors with side-effects from being unserialized
This commit is contained in:
Nicolas Grekas 2019-04-16 11:03:16 +02:00
parent 0a4ed67b0d 4fb9752816
commit d77e445697
3 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/Symfony/Bridge/PhpUnit/Legacy/SymfonyTestsListenerTrait.php
View File

@ -83,6 +83,16 @@ class SymfonyTestsListenerTrait
}
}
public function __sleep()
{
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
}
public function __wakeup()
{
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
}
public function __destruct()
{
if (0 < $this->state) {

10
src/Symfony/Bundle/FrameworkBundle/Tests/Kernel/ConcreteMicroKernel.php
View File

@ -64,6 +64,16 @@ class ConcreteMicroKernel extends Kernel implements EventSubscriberInterface
return $this->cacheDir;
}
public function __sleep()
{
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
}
public function __wakeup()
{
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
}
public function __destruct()
{
$fs = new Filesystem();

10
src/Symfony/Component/Cache/Traits/FilesystemCommonTrait.php
View File

@ -116,6 +116,16 @@ trait FilesystemCommonTrait
throw new \ErrorException($message, 0, $type, $file, $line);
}
public function __sleep()
{
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
}
public function __wakeup()
{
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
}
public function __destruct()
{
if (method_exists(parent::class, '__destruct')) {