bug #29589 [VarExporter] dont call userland code with uninitialized objects (nicolas-grekas)
This PR was merged into the 4.2 branch.
Discussion
----------
[VarExporter] dont call userland code with uninitialized objects
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29570
| License | MIT
| Doc PR | -
Commits
-------
f0cd2b2838
[VarExporter] dont call userland code with uninitialized objects
commit
e3123f8068
@ -93,15 +93,9 @@ class Registry
|
|||||||
throw new NotInstantiableTypeException($class);
|
throw new NotInstantiableTypeException($class);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (null !== $proto && !$proto instanceof \Throwable) {
|
if (null !== $proto && !$proto instanceof \Throwable && !$proto instanceof \Serializable && !\method_exists($class, '__sleep')) {
|
||||||
try {
|
try {
|
||||||
if (!$proto instanceof \Serializable && !\method_exists($class, '__sleep')) {
|
serialize($proto);
|
||||||
serialize($proto);
|
|
||||||
} elseif ($instantiableWithoutConstructor) {
|
|
||||||
serialize($reflector->newInstanceWithoutConstructor());
|
|
||||||
} else {
|
|
||||||
serialize(unserialize(($proto instanceof \Serializable ? 'C:' : 'O:').\strlen($class).':"'.$class.'":0:{}'));
|
|
||||||
}
|
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
throw new NotInstantiableTypeException($class, $e);
|
throw new NotInstantiableTypeException($class, $e);
|
||||||
}
|
}
|
||||||
|
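Review bot: The widened condition on the `if (null !== $proto && !$proto instanceof \Throwable && ...` line has no comment saying why `\Serializable` and `__sleep` classes now skip the `serialize($proto)` probe. Both hooks are userland code and the prototype may be uninitialized, so I would add above the `if`: `// Never run Serializable/__sleep() hooks on the prototype: it may be uninitialized, and userland code must not see it in that state.` For these classes a type that cannot be serialized is also no longer rejected here with `NotInstantiableTypeException`. Presumably the failure now surfaces when a real instance is exported; that is worth confirming and stating in the comment. The enclosing method starts and ends outside the hunk.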
@ -0,0 +1,11 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
return \Symfony\Component\VarExporter\Internal\Hydrator::hydrate(
|
||||||
|
$o = \Symfony\Component\VarExporter\Internal\Registry::unserialize([], [
|
||||||
|
'C:51:"Symfony\\Component\\VarExporter\\Tests\\FooSerializable":20:{a:1:{i:0;s:3:"bar";}}',
|
||||||
|
]),
|
||||||
|
null,
|
||||||
|
[],
|
||||||
|
$o[0],
|
||||||
|
[]
|
||||||
|
);
|
@ -194,6 +194,8 @@ class VarExporterTest extends TestCase
|
|||||||
yield array('wakeup-refl', $value);
|
yield array('wakeup-refl', $value);
|
||||||
|
|
||||||
yield array('abstract-parent', new ConcreteClass());
|
yield array('abstract-parent', new ConcreteClass());
|
||||||
|
|
||||||
|
yield array('foo-serializable', new FooSerializable('bar'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -342,3 +344,28 @@ class ConcreteClass extends AbstractClass
|
|||||||
$this->setBar(234);
|
$this->setBar(234);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class FooSerializable implements \Serializable
|
||||||
|
{
|
||||||
|
private $foo;
|
||||||
|
|
||||||
|
public function __construct(string $foo)
|
||||||
|
{
|
||||||
|
$this->foo = $foo;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getFoo(): string
|
||||||
|
{
|
||||||
|
return $this->foo;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function serialize(): string
|
||||||
|
{
|
||||||
|
return serialize(array($this->getFoo()));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function unserialize($str)
|
||||||
|
{
|
||||||
|
list($this->foo) = unserialize($str);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
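Review bot: `FooSerializable::unserialize()` hands `$str` to `unserialize()` with no class restriction, although the only payload it expects is an array holding one string. Writing it as `list($this->foo) = unserialize($str, ['allowed_classes' => false]);` states that expectation and keeps the fixture from modelling a nested `unserialize()` that can instantiate arbitrary classes if it is copied into non-test code. A one-line docblock on the class, such as `/** Fixture for #29570: a Serializable whose serialize() fails on an uninitialized instance. */`, would also tell the next reader why it exists.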