Dont allow unserializing classes with a destructor
This commit is contained in:
parent
b85611fbd6
commit
facc095944
@ -87,6 +87,12 @@ class AppKernel extends Kernel
|
|||||||
|
|
||||||
public function __wakeup()
|
public function __wakeup()
|
||||||
{
|
{
|
||||||
|
foreach ($this as $k => $v) {
|
||||||
|
if (\is_object($v)) {
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$this->__construct($this->varDir, $this->testCase, $this->rootConfig, $this->environment, $this->debug);
|
$this->__construct($this->varDir, $this->testCase, $this->rootConfig, $this->environment, $this->debug);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,6 +34,16 @@ abstract class AbstractConfigurator
|
|||||||
throw new \BadMethodCallException(sprintf('Call to undefined method "%s::%s()".', static::class, $method));
|
throw new \BadMethodCallException(sprintf('Call to undefined method "%s::%s()".', static::class, $method));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks that a value is valid, optionally replacing Definition and Reference configurators by their configure value.
|
* Checks that a value is valid, optionally replacing Definition and Reference configurators by their configure value.
|
||||||
*
|
*
|
||||||
|
@ -76,6 +76,16 @@ class OrderedHashMapIterator implements \Iterator
|
|||||||
$this->managedCursors[$this->cursorId] = &$this->cursor;
|
$this->managedCursors[$this->cursorId] = &$this->cursor;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes the iterator's cursors from the managed cursors of the
|
* Removes the iterator's cursors from the managed cursors of the
|
||||||
* corresponding {@link OrderedHashMap} instance.
|
* corresponding {@link OrderedHashMap} instance.
|
||||||
|
@ -123,6 +123,10 @@ abstract class DataCollector implements DataCollectorInterface
|
|||||||
public function __wakeup()
|
public function __wakeup()
|
||||||
{
|
{
|
||||||
if (__CLASS__ !== $c = (new \ReflectionMethod($this, 'unserialize'))->getDeclaringClass()->name) {
|
if (__CLASS__ !== $c = (new \ReflectionMethod($this, 'unserialize'))->getDeclaringClass()->name) {
|
||||||
|
if (\is_object($this->data)) {
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
@trigger_error(sprintf('Implementing the "%s::unserialize()" method is deprecated since Symfony 4.3, store all the serialized state in the "data" property instead.', $c), \E_USER_DEPRECATED);
|
@trigger_error(sprintf('Implementing the "%s::unserialize()" method is deprecated since Symfony 4.3, store all the serialized state in the "data" property instead.', $c), \E_USER_DEPRECATED);
|
||||||
$this->unserialize($this->data);
|
$this->unserialize($this->data);
|
||||||
}
|
}
|
||||||
|
@ -184,7 +184,7 @@ class DumpDataCollector extends DataCollector implements DataDumperInterface
|
|||||||
$fileLinkFormat = array_pop($this->data);
|
$fileLinkFormat = array_pop($this->data);
|
||||||
$this->dataCount = \count($this->data);
|
$this->dataCount = \count($this->data);
|
||||||
|
|
||||||
self::__construct($this->stopwatch, $fileLinkFormat, $charset);
|
self::__construct($this->stopwatch, \is_string($fileLinkFormat) || $fileLinkFormat instanceof FileLinkFormatter ? $fileLinkFormat : null, \is_string($charset) ? $charset : null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getDumpsCount()
|
public function getDumpsCount()
|
||||||
|
@ -920,6 +920,10 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl
|
|||||||
|
|
||||||
public function __wakeup()
|
public function __wakeup()
|
||||||
{
|
{
|
||||||
|
if (\is_object($this->environment) || \is_object($this->debug)) {
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
if (__CLASS__ !== $c = (new \ReflectionMethod($this, 'serialize'))->getDeclaringClass()->name) {
|
if (__CLASS__ !== $c = (new \ReflectionMethod($this, 'serialize'))->getDeclaringClass()->name) {
|
||||||
@trigger_error(sprintf('Implementing the "%s::serialize()" method is deprecated since Symfony 4.3.', $c), \E_USER_DEPRECATED);
|
@trigger_error(sprintf('Implementing the "%s::serialize()" method is deprecated since Symfony 4.3.', $c), \E_USER_DEPRECATED);
|
||||||
$this->unserialize($this->serialized);
|
$this->unserialize($this->serialized);
|
||||||
|
@ -35,6 +35,16 @@ class Connection extends AbstractConnection
|
|||||||
/** @var resource */
|
/** @var resource */
|
||||||
private $connection;
|
private $connection;
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
public function __destruct()
|
public function __destruct()
|
||||||
{
|
{
|
||||||
$this->disconnect();
|
$this->disconnect();
|
||||||
|
@ -38,6 +38,16 @@ class Query extends AbstractQuery
|
|||||||
parent::__construct($connection, $dn, $query, $options);
|
parent::__construct($connection, $dn, $query, $options);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
public function __destruct()
|
public function __destruct()
|
||||||
{
|
{
|
||||||
$con = $this->connection->getResource();
|
$con = $this->connection->getResource();
|
||||||
|
@ -50,6 +50,16 @@ final class Lock implements LockInterface, LoggerAwareInterface
|
|||||||
$this->logger = new NullLogger();
|
$this->logger = new NullLogger();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Automatically releases the underlying lock when the object is destructed.
|
* Automatically releases the underlying lock when the object is destructed.
|
||||||
*/
|
*/
|
||||||
|
@ -35,6 +35,16 @@ class UnixPipes extends AbstractPipes
|
|||||||
parent::__construct($input);
|
parent::__construct($input);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
public function __destruct()
|
public function __destruct()
|
||||||
{
|
{
|
||||||
$this->close();
|
$this->close();
|
||||||
|
@ -88,6 +88,16 @@ class WindowsPipes extends AbstractPipes
|
|||||||
parent::__construct($input);
|
parent::__construct($input);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
public function __destruct()
|
public function __destruct()
|
||||||
{
|
{
|
||||||
$this->close();
|
$this->close();
|
||||||
|
@ -198,6 +198,16 @@ class Process implements \IteratorAggregate
|
|||||||
return $process;
|
return $process;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
public function __destruct()
|
public function __destruct()
|
||||||
{
|
{
|
||||||
$this->stop(0);
|
$this->stop(0);
|
||||||
|
@ -36,6 +36,16 @@ class CollectionConfigurator
|
|||||||
$this->parentPrefixes = $parentPrefixes;
|
$this->parentPrefixes = $parentPrefixes;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
public function __destruct()
|
public function __destruct()
|
||||||
{
|
{
|
||||||
if (null === $this->prefixes) {
|
if (null === $this->prefixes) {
|
||||||
|
@ -30,6 +30,16 @@ class ImportConfigurator
|
|||||||
$this->route = $route;
|
$this->route = $route;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function __sleep()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __wakeup()
|
||||||
|
{
|
||||||
|
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||||
|
}
|
||||||
|
|
||||||
public function __destruct()
|
public function __destruct()
|
||||||
{
|
{
|
||||||
$this->parent->addCollection($this->route);
|
$this->parent->addCollection($this->route);
|
||||||
|
Reference in New Issue
Block a user