Dont allow unserializing classes with a destructor
This commit is contained in:
Jérémy Derussé
parent
b85611fbd6
commit
facc095944
@ -87,6 +87,12 @@ class AppKernel extends Kernel
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
foreach ($this as $k => $v) {
|
||||
if (\is_object($v)) {
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
}
|
||||
|
||||
$this->__construct($this->varDir, $this->testCase, $this->rootConfig, $this->environment, $this->debug);
|
||||
}
|
||||
|
||||
|
||||
@ -34,6 +34,16 @@ abstract class AbstractConfigurator
|
||||
throw new \BadMethodCallException(sprintf('Call to undefined method "%s::%s()".', static::class, $method));
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks that a value is valid, optionally replacing Definition and Reference configurators by their configure value.
|
||||
*
|
||||
|
||||
@ -76,6 +76,16 @@ class OrderedHashMapIterator implements \Iterator
|
||||
$this->managedCursors[$this->cursorId] = &$this->cursor;
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes the iterator's cursors from the managed cursors of the
|
||||
* corresponding {@link OrderedHashMap} instance.
|
||||
|
||||
@ -123,6 +123,10 @@ abstract class DataCollector implements DataCollectorInterface
|
||||
public function __wakeup()
|
||||
{
|
||||
if (__CLASS__ !== $c = (new \ReflectionMethod($this, 'unserialize'))->getDeclaringClass()->name) {
|
||||
if (\is_object($this->data)) {
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
@trigger_error(sprintf('Implementing the "%s::unserialize()" method is deprecated since Symfony 4.3, store all the serialized state in the "data" property instead.', $c), \E_USER_DEPRECATED);
|
||||
$this->unserialize($this->data);
|
||||
}
|
||||
|
||||
@ -184,7 +184,7 @@ class DumpDataCollector extends DataCollector implements DataDumperInterface
|
||||
$fileLinkFormat = array_pop($this->data);
|
||||
$this->dataCount = \count($this->data);
|
||||
|
||||
self::__construct($this->stopwatch, $fileLinkFormat, $charset);
|
||||
self::__construct($this->stopwatch, \is_string($fileLinkFormat) || $fileLinkFormat instanceof FileLinkFormatter ? $fileLinkFormat : null, \is_string($charset) ? $charset : null);
|
||||
}
|
||||
|
||||
public function getDumpsCount()
|
||||
|
||||
@ -920,6 +920,10 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
if (\is_object($this->environment) || \is_object($this->debug)) {
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
if (__CLASS__ !== $c = (new \ReflectionMethod($this, 'serialize'))->getDeclaringClass()->name) {
|
||||
@trigger_error(sprintf('Implementing the "%s::serialize()" method is deprecated since Symfony 4.3.', $c), \E_USER_DEPRECATED);
|
||||
$this->unserialize($this->serialized);
|
||||
|
||||
@ -35,6 +35,16 @@ class Connection extends AbstractConnection
|
||||
/** @var resource */
|
||||
private $connection;
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
$this->disconnect();
|
||||
|
||||
@ -38,6 +38,16 @@ class Query extends AbstractQuery
|
||||
parent::__construct($connection, $dn, $query, $options);
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
$con = $this->connection->getResource();
|
||||
|
||||
@ -50,6 +50,16 @@ final class Lock implements LockInterface, LoggerAwareInterface
|
||||
$this->logger = new NullLogger();
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
/**
|
||||
* Automatically releases the underlying lock when the object is destructed.
|
||||
*/
|
||||
|
||||
@ -35,6 +35,16 @@ class UnixPipes extends AbstractPipes
|
||||
parent::__construct($input);
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
$this->close();
|
||||
|
||||
@ -88,6 +88,16 @@ class WindowsPipes extends AbstractPipes
|
||||
parent::__construct($input);
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
$this->close();
|
||||
|
||||
@ -198,6 +198,16 @@ class Process implements \IteratorAggregate
|
||||
return $process;
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
$this->stop(0);
|
||||
|
||||
@ -36,6 +36,16 @@ class CollectionConfigurator
|
||||
$this->parentPrefixes = $parentPrefixes;
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
if (null === $this->prefixes) {
|
||||
|
||||
@ -30,6 +30,16 @@ class ImportConfigurator
|
||||
$this->route = $route;
|
||||
}
|
||||
|
||||
public function __sleep()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __wakeup()
|
||||
{
|
||||
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
|
||||
}
|
||||
|
||||
public function __destruct()
|
||||
{
|
||||
$this->parent->addCollection($this->route);
|
||||
|
||||
Reference in New Issue
Block a user