diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
31,069 Commits 24 Branches 563 Tags 228 MiB
b6fced6261
Commit Graph

7 Commits

Author SHA1 Message Date
Maxime Steinhausser
fad4d9e2ef [DI][Router][DX] Invalidate routing cache when container parameters changed 2017-03-05 20:24:24 +01:00
Fabien Potencier
033c41a6b9 minor #21090 Secure unserialize by restricting allowed classes when using PHP 7 (dbrumann) 
This PR was merged into the 3.3-dev branch.

Discussion
----------

Secure unserialize by restricting allowed classes when using PHP 7

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | ---
| License       | MIT
| Doc PR        | ---

While playing around with Symfony in a PHP 7.1 application I noticed a warning in how EnvParameterResoure uses unserialize. Since PHP 7.0 introduced the options argument which allows to restrict which classes can be unserialized for better security, it might make sense to use it here. As far as I can tell this is no BC break, it only provides an additional safety mechanism.

Commits
-------

b4201810b9 Conditionally add options to unserialize in PHP 7.0+.
 2017-02-12 20:14:59 +01:00
Nicolas Grekas
37e44939ef [DI][Config] Add & use ReflectionClassResource 2017-02-02 14:15:15 +01:00
Denis Brumann
b4201810b9
Conditionally add options to unserialize in PHP 7.0+. 2016-12-29 19:41:55 +01:00
Jules Pietri
0cbf04a77e [DI] fix Autowiring tests of #18144 2016-04-13 08:43:21 +02:00
Jules Pietri
5e7dbae9a3 [DependencyInjection] Fix tests of #18144 2016-04-04 11:35:16 +02:00
Ryan Weaver
3e976267c0 [DI] Only rebuild autowiring cache when actually needed 2016-04-03 09:35:21 +02:00