From f0409b403f2ea0a8290b417b2ae35dd0a330cec3 Mon Sep 17 00:00:00 2001 From: Julien Falque Date: Wed, 27 Jan 2021 17:40:30 +0100 Subject: [PATCH 1/2] [Serializer] Prevent access to private properties without getters --- .../Normalizer/ObjectNormalizer.php | 10 ++++---- .../DummyPrivatePropertyWithoutGetter.php | 23 +++++++++++++++++++ .../Tests/Normalizer/ObjectNormalizerTest.php | 10 ++++++++ 3 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 src/Symfony/Component/Serializer/Tests/Fixtures/DummyPrivatePropertyWithoutGetter.php diff --git a/src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php b/src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php index 0e1a378fe6..a3bd07440b 100644 --- a/src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php +++ b/src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php @@ -107,8 +107,9 @@ class ObjectNormalizer extends AbstractObjectNormalizer // properties foreach ($reflClass->getProperties() as $reflProperty) { + $isPublic = $reflProperty->isPublic(); + if ($checkPropertyInitialization) { - $isPublic = $reflProperty->isPublic(); if (!$isPublic) { $reflProperty->setAccessible(true); } @@ -116,9 +117,10 @@ class ObjectNormalizer extends AbstractObjectNormalizer unset($attributes[$reflProperty->name]); continue; } - if (!$isPublic) { - continue; - } + } + + if (!$isPublic) { + continue; } if ($reflProperty->isStatic() || !$this->isAllowedAttribute($object, $reflProperty->name, $format, $context)) { diff --git a/src/Symfony/Component/Serializer/Tests/Fixtures/DummyPrivatePropertyWithoutGetter.php b/src/Symfony/Component/Serializer/Tests/Fixtures/DummyPrivatePropertyWithoutGetter.php new file mode 100644 index 0000000000..d20832131b --- /dev/null +++ b/src/Symfony/Component/Serializer/Tests/Fixtures/DummyPrivatePropertyWithoutGetter.php 
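Review bot: The hoisted `$isPublic` lookup in the `@@ -107` hunk and the relocated `if (!$isPublic) { continue; }` in the `@@ -116` hunk have no comment saying why the visibility test must stay outside the `$checkPropertyInitialization` branch, and that placement is the whole fix. With the old nesting, a non-public property was skipped only when `$checkPropertyInitialization` was true. Going by the commit title and the new test, a private property without a getter could otherwise reach the normalized output. I would add above the new check: `// Only public properties are collected directly; keep this outside the $checkPropertyInitialization branch so non-public ones are skipped on every path.` The enclosing method starts and ends outside both hunks, so how `$checkPropertyInitialization` is set is not visible here.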
@@ -0,0 +1,23 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Serializer\Tests\Fixtures; + +final class DummyPrivatePropertyWithoutGetter +{ + private $foo = 'foo'; + private $bar = 'bar'; + + public function getBar() + { + return $this->bar; + } +} diff --git a/src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php b/src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php index 5c8c54d66c..4d145a5c8b 100644 --- a/src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php +++ b/src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php @@ -33,6 +33,7 @@ use Symfony\Component\Serializer\Normalizer\ObjectNormalizer; use Symfony\Component\Serializer\Serializer; use Symfony\Component\Serializer\SerializerInterface; use Symfony\Component\Serializer\Tests\Fixtures\CircularReferenceDummy; +use Symfony\Component\Serializer\Tests\Fixtures\DummyPrivatePropertyWithoutGetter; use Symfony\Component\Serializer\Tests\Fixtures\GroupDummy; use Symfony\Component\Serializer\Tests\Fixtures\MaxDepthDummy; use Symfony\Component\Serializer\Tests\Fixtures\OtherSerializedNameDummy; @@ -143,6 +144,15 @@ class ObjectNormalizerTest extends TestCase ); } + public function testNormalizeObjectWithPrivatePropertyWithoutGetter() + { + $obj = new DummyPrivatePropertyWithoutGetter(); + $this->assertEquals( + ['bar' => 'bar'], + $this->normalizer->normalize($obj, 'any') + ); + } + public function testDenormalize() { $obj = $this->normalizer->denormalize( From 9680a27246e0ee1b3d0ee1133201d68acb847d7b Mon Sep 17 00:00:00 2001 From: Thomas Calvet Date: Wed, 27 Jan 2021 17:14:37 +0100 Subject: [PATCH 2/2] [Uid] Fix time to float conversion --- src/Symfony/Component/Uid/BinaryUtil.php | 2 +- src/Symfony/Component/Uid/Tests/UuidTest.php | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) 
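Review bot: The new fixture `DummyPrivatePropertyWithoutGetter` declares only `private` properties, so `testNormalizeObjectWithPrivatePropertyWithoutGetter` does not cover `protected` properties without a getter. These take the same `!$isPublic` path in `ObjectNormalizer`. Adding `protected $baz = 'baz';` to the fixture should leave the expected output at `['bar' => 'bar']` and would guard both non-public visibilities against the same disclosure regression. A one-line comment in the test saying that `foo` must be absent because it has no accessor would also make the intent clear to whoever next edits the expected array.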
diff --git a/src/Symfony/Component/Uid/BinaryUtil.php b/src/Symfony/Component/Uid/BinaryUtil.php index 32e7e0dff3..bbba6b9c18 100644 --- a/src/Symfony/Component/Uid/BinaryUtil.php +++ b/src/Symfony/Component/Uid/BinaryUtil.php @@ -124,7 +124,7 @@ class BinaryUtil $time = self::add($time, self::TIME_OFFSET_COM2); if ($time >= self::TIME_OFFSET_COM2) { - $time = -1 * self::toBase($time ^ "\xff\xff\xff\xff\xff\xff\xff\xff", self::BASE10); + $time = -1 * (self::toBase($time ^ "\xff\xff\xff\xff\xff\xff\xff\xff", self::BASE10) + 1); } else { $time[0] = $time[0] & "\x7F"; $time = self::toBase($time, self::BASE10); diff --git a/src/Symfony/Component/Uid/Tests/UuidTest.php b/src/Symfony/Component/Uid/Tests/UuidTest.php index 5369477d3c..6b5b27f3b5 100644 --- a/src/Symfony/Component/Uid/Tests/UuidTest.php +++ b/src/Symfony/Component/Uid/Tests/UuidTest.php @@ -199,4 +199,13 @@ class UuidTest extends TestCase { $this->assertInstanceOf(CustomUuid::class, CustomUuid::fromString(self::A_UUID_V4)); } + + public function testGetTime() + { + $this->assertSame(103072857660.6847, ((new UuidV1('ffffffff-ffff-1fff-a456-426655440000'))->getTime())); + $this->assertSame(0.0000001, ((new UuidV1('13814001-1dd2-11b2-a456-426655440000'))->getTime())); + $this->assertSame(0.0, (new UuidV1('13814000-1dd2-11b2-a456-426655440000'))->getTime()); + $this->assertSame(-0.0000001, (new UuidV1('13813fff-1dd2-11b2-a456-426655440000'))->getTime()); + $this->assertSame(-12219292800.0, ((new UuidV1('00000000-0000-1000-a456-426655440000'))->getTime())); + } }
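Review bot: The corrected negative branch has no comment explaining the `+ 1`, so a later cleanup could easily "simplify" it back into the off-by-one this commit fixes. XOR with eight `\xff` bytes gives the one's complement, and the magnitude of a two's-complement negative is that value plus one, which is what the new parentheses add. I would put `// two's complement: magnitude = (~value) + 1` above the assignment. The addition runs in native PHP arithmetic on whatever `self::toBase(..., self::BASE10)` returns, so if that is a decimal string it is implicitly coerced to a number here; a short remark or an explicit cast would make that intent visible. The enclosing method starts and ends outside the hunk.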
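Review bot: `testGetTime` lists five UUIDs without saying which boundary each one pins, and the calls are parenthesised inconsistently: `((new UuidV1(...))->getTime())` on three lines and `(new UuidV1(...))->getTime()` on two. Going by the expected values, the cases are the all-ones timestamp, one 100 ns tick after the Unix epoch, the epoch itself, one tick before it, and the all-zero timestamp. A trailing comment per line, or a data provider with named cases such as `'one tick before epoch'`, would make a failure readable. Dropping the redundant outer parentheses, e.g. `$this->assertSame(0.0000001, (new UuidV1('13814001-1dd2-11b2-a456-426655440000'))->getTime());`, would keep the five assertions uniform.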