bug #29589 [VarExporter] dont call userland code with uninitialized objects (nicolas-grekas)
This PR was merged into the 4.2 branch.
Discussion
----------
[VarExporter] dont call userland code with uninitialized objects
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29570
| License | MIT
| Doc PR | -
Commits
-------
f0cd2b2838
[VarExporter] dont call userland code with uninitialized objects
This commit is contained in:
commit
e3123f8068
@ -93,15 +93,9 @@ class Registry
|
||||
throw new NotInstantiableTypeException($class);
|
||||
}
|
||||
}
|
||||
if (null !== $proto && !$proto instanceof \Throwable) {
|
||||
if (null !== $proto && !$proto instanceof \Throwable && !$proto instanceof \Serializable && !\method_exists($class, '__sleep')) {
|
||||
try {
|
||||
if (!$proto instanceof \Serializable && !\method_exists($class, '__sleep')) {
|
||||
serialize($proto);
|
||||
} elseif ($instantiableWithoutConstructor) {
|
||||
serialize($reflector->newInstanceWithoutConstructor());
|
||||
} else {
|
||||
serialize(unserialize(($proto instanceof \Serializable ? 'C:' : 'O:').\strlen($class).':"'.$class.'":0:{}'));
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
throw new NotInstantiableTypeException($class, $e);
|
||||
}
|
||||
|
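Review bot: The widened condition on the `if` line deserves a why-comment, because its shape hides the point of the fix: `serialize($proto)` is only a safe probe when the class has no userland serialization hook, since `Serializable::serialize()` or `__sleep()` would otherwise execute on an instance that was built without its constructor. Suggest `// Do not probe classes with custom serialization: serialize() would run their userland hooks on an uninitialized instance` directly above the guard. If the `elseif`/`else` branches were dropped as the hunk's line counts suggest, classes implementing \Serializable or defining __sleep are now accepted without any serializability check; if that is intended the comment should say so. The enclosing method starts and ends outside the hunk, and the `catch (\Exception $e)` still lets an \Error raised inside serialize() propagate instead of being wrapped in NotInstantiableTypeException.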
@ -0,0 +1,11 @@
|
||||
<?php
|
||||
|
||||
return \Symfony\Component\VarExporter\Internal\Hydrator::hydrate(
|
||||
$o = \Symfony\Component\VarExporter\Internal\Registry::unserialize([], [
|
||||
'C:51:"Symfony\\Component\\VarExporter\\Tests\\FooSerializable":20:{a:1:{i:0;s:3:"bar";}}',
|
||||
]),
|
||||
null,
|
||||
[],
|
||||
$o[0],
|
||||
[]
|
||||
);
|
@ -194,6 +194,8 @@ class VarExporterTest extends TestCase
|
||||
yield array('wakeup-refl', $value);
|
||||
|
||||
yield array('abstract-parent', new ConcreteClass());
|
||||
|
||||
yield array('foo-serializable', new FooSerializable('bar'));
|
||||
}
|
||||
}
|
||||
|
||||
@ -342,3 +344,28 @@ class ConcreteClass extends AbstractClass
|
||||
$this->setBar(234);
|
||||
}
|
||||
}
|
||||
|
||||
class FooSerializable implements \Serializable
|
||||
{
|
||||
private $foo;
|
||||
|
||||
public function __construct(string $foo)
|
||||
{
|
||||
$this->foo = $foo;
|
||||
}
|
||||
|
||||
public function getFoo(): string
|
||||
{
|
||||
return $this->foo;
|
||||
}
|
||||
|
||||
public function serialize(): string
|
||||
{
|
||||
return serialize(array($this->getFoo()));
|
||||
}
|
||||
|
||||
public function unserialize($str)
|
||||
{
|
||||
list($this->foo) = unserialize($str);
|
||||
}
|
||||
}
|
||||
|
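Review bot: `unserialize($str)` in FooSerializable::unserialize decodes its payload with no `allowed_classes` restriction, although the only payload this class produces is a one-element array of strings; `list($this->foo) = unserialize($str, ['allowed_classes' => false]);` states what the fixture accepts and is the pattern worth modelling even in test code, since fixtures get copied. The method also has no return type while `serialize()` declares `: string`; `public function unserialize($str): void` would be consistent (a parameter type cannot be added without conflicting with the \Serializable interface signature).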