033c41a6b9
This PR was merged into the 3.3-dev branch.
Discussion
----------
Secure unserialize by restricting allowed classes when using PHP 7
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ---
| License | MIT
| Doc PR | ---
While playing around with Symfony in a PHP 7.1 application I noticed a warning in how EnvParameterResoure uses unserialize. Since PHP 7.0 introduced the options argument which allows to restrict which classes can be unserialized for better security, it might make sense to use it here. As far as I can tell this is no BC break, it only provides an additional safety mechanism.
Commits
-------
|
||
---|---|---|
.. | ||
Annotation | ||
Exception | ||
Generator | ||
Loader | ||
Matcher | ||
Tests | ||
.gitignore | ||
CHANGELOG.md | ||
CompiledRoute.php | ||
composer.json | ||
LICENSE | ||
phpunit.xml.dist | ||
README.md | ||
RequestContext.php | ||
RequestContextAwareInterface.php | ||
Route.php | ||
RouteCollection.php | ||
RouteCollectionBuilder.php | ||
RouteCompiler.php | ||
RouteCompilerInterface.php | ||
Router.php | ||
RouterInterface.php |
Routing Component
The Routing component maps an HTTP request to a set of configuration variables.