minor #40546 Security Hardening - unserialize DumpDataCollector (jderusse)
This PR was merged into the 4.4 branch.
Discussion
----------
Security Hardening - unserialize DumpDataCollector
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
214dbfec51
Hardening Security - Unserialize DumpDataCollector
commit
f84adc46f3
@ -183,6 +183,11 @@ class DumpDataCollector extends DataCollector implements DataDumperInterface
|
||||
$charset = array_pop($this->data);
|
||||
$fileLinkFormat = array_pop($this->data);
|
||||
$this->dataCount = \count($this->data);
|
||||
foreach ($this->data as $dump) {
|
||||
if (!\is_string($dump['name']) || !\is_string($dump['file']) || !\is_int($dump['line'])) {
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
}
|
||||
|
||||
self::__construct($this->stopwatch, \is_string($fileLinkFormat) || $fileLinkFormat instanceof FileLinkFormatter ? $fileLinkFormat : null, \is_string($charset) ? $charset : null);
|
||||
}
|
||||
@ -257,7 +262,7 @@ class DumpDataCollector extends DataCollector implements DataDumperInterface
|
||||
}
|
||||
}
|
||||
|
||||
private function doDump(DataDumperInterface $dumper, $data, string $name, string $file, int $line)
|
||||
private function doDump(DataDumperInterface $dumper, Data $data, string $name, string $file, int $line)
|
||||
{
|
||||
if ($dumper instanceof CliDumper) {
|
||||
$contextDumper = function ($name, $file, $line, $fmt) {
|
||||
|
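Review bot: The new loop in the first hunk indexes `$dump['name']`, `$dump['file']` and `$dump['line']` before confirming that `$dump` is an array carrying those keys, so a malformed serialized entry (an object, a string, or an array missing a key) can raise a notice or an engine error before, or instead of, the intended `BadMethodCallException`. Putting the shape check first keeps the rejection uniform: `if (!\is_array($dump) || !isset($dump['name'], $dump['file'], $dump['line']) || !\is_string($dump['name']) || !\is_string($dump['file']) || !\is_int($dump['line'])) {`. The dumped value itself is not validated in this loop; the `Data` type added to `doDump()` in the second hunk presumably rejects a wrong type only later, when the record is replayed, so an `instanceof Data` test in the same condition would reject it at unserialize time (the key that holds the value is not visible here). The method containing the loop starts above the hunk, so whether `$this->data` is already known to be an array at this point cannot be confirmed from these lines.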