diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
00d20ead28
symfony/src/Symfony/Component/Routing
History
Fabien Potencier 033c41a6b9 minor #21090 Secure unserialize by restricting allowed classes when using PHP 7 (dbrumann) 
This PR was merged into the 3.3-dev branch.

Discussion
----------

Secure unserialize by restricting allowed classes when using PHP 7

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | ---
| License       | MIT
| Doc PR        | ---

While playing around with Symfony in a PHP 7.1 application I noticed a warning in how EnvParameterResoure uses unserialize. Since PHP 7.0 introduced the options argument which allows to restrict which classes can be unserialized for better security, it might make sense to use it here. As far as I can tell this is no BC break, it only provides an additional safety mechanism.

Commits
-------

b4201810b9 Conditionally add options to unserialize in PHP 7.0+.
2017-02-12 20:14:59 +01:00
..
Annotation Merge branch '2.8' into 3.0 2016-06-29 07:40:00 +02:00
Exception remove api tags from code 2015-09-28 19:11:22 +02:00
Generator [Routing] Fixed route generation with fragment defined as defaults 2016-09-21 17:48:58 +03:00
Loader Merge branch '3.1' into 3.2 2017-01-27 18:37:08 -08:00
Matcher Merge branch '3.1' into 3.2 2017-01-02 15:57:35 +01:00
Tests Merge branch '3.1' into 3.2 2017-01-21 09:06:35 -08:00
.gitignore
CHANGELOG.md [Routing] Add seamless support for unicode requirements 2016-08-25 11:23:01 +02:00
CompiledRoute.php Conditionally add options to unserialize in PHP 7.0+. 2016-12-29 19:41:55 +01:00
composer.json updated version to 3.3 2016-11-19 12:35:20 -08:00
LICENSE updated LICENSE year 2017-01-02 12:30:00 -08:00
phpunit.xml.dist Add missing exclusions from phpunit.xml.dist 2015-11-18 09:19:46 +01:00
README.md Updated all the README files 2016-03-04 08:12:06 +01:00
RequestContext.php fixed @return when returning this or static 2016-12-27 08:23:47 +01:00
RequestContextAwareInterface.php remove api tags from code 2015-09-28 19:11:22 +02:00
Route.php minor #21090 Secure unserialize by restricting allowed classes when using PHP 7 (dbrumann) 2017-02-12 20:14:59 +01:00
RouteCollection.php add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support 2016-06-17 14:42:34 +02:00
RouteCollectionBuilder.php Merge branch '2.8' into 3.1 2016-12-29 22:40:29 +01:00
RouteCompiler.php Merge branch '3.1' into 3.2 2016-11-25 13:32:42 +01:00
RouteCompilerInterface.php
Router.php Merge branch '2.8' into 3.1 2016-08-16 07:58:24 -07:00
RouterInterface.php

README.md

Routing Component

The Routing component maps an HTTP request to a set of configuration variables.

Resources