8000 bug #36862 [Security] Unserialize $parentData, if needed, to avoid er… · symfony/symfony@638b200 · GitHub
[go: up one dir, main page]
Skip to content

Commit 638b200

Browse files
nicolas-grekasnicolas-grekas
committed
bug #36862 [Security] Unserialize $parentData, if needed, to avoid errors (rfaivre)
This PR was squashed before being merged into the 4.4 branch. Discussion ---------- [Security] Unserialize $parentData, if needed, to avoid errors Check that the $parentData is an array. If it's a string, the variable is unserialized. Useful to not break the compatibility with the older versions. Bug reproduced when upgrading from 3.4 to 4.4 | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #36813 | License | MIT | Doc PR | symfony/symfony-docs#... <!-- required for new features --> Commits ------- b447433 [Security] Unserialize $parentData, if needed, to avoid errors
2 parents 87c6683 + b447433 commit 638b200

9 files changed

+9
-1
lines changed

src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,7 @@ public function __serialize(): array
6868
public function __unserialize(array $data): void
6969
{
7070
[$this->secret, $parentData] = $data;
71+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
7172
parent::__unserialize($parentData);
7273
}
7374
}

src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,6 @@ class PreAuthenticatedToken extends AbstractToken
2626
/**
2727
* @param string|\Stringable|UserInterface $user
2828
* @param mixed $credentials
29-
* @param string $providerKey
3029
* @param string[] $roles
3130
*/
3231
public function __construct($user, $credentials, string $providerKey, array $roles = [])
@@ -88,6 +87,7 @@ public function __serialize(): array
8887
public function __unserialize(array $data): void
8988
{
9089
[$this->credentials, $this->providerKey, $parentData] = $data;
90+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
9191
parent::__unserialize($parentData);
9292
}
9393
}

src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ public function __serialize(): array
101101
public function __unserialize(array $data): void
102102
{
103103
[$this->secret, $this->providerKey, $parentData] = $data;
104+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
104105
parent::__unserialize($parentData);
105106
}
106107
}

src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,7 @@ public function __serialize(): array
5454
public function __unserialize(array $data): void
5555
{
5656
[$this->originalToken, $parentData] = $data;
57+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
5758
parent::__unserialize($parentData);
5859
}
5960
}

src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,7 @@ public function __serialize(): array
9999
public function __unserialize(array $data): void
100100
{
101101
[$this->credentials, $this->providerKey, $parentData] = $data;
102+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
102103
parent::__unserialize($parentData);
103104
}
104105
}

src/Symfony/Component/Security/Core/Exception/AccountStatusException.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ public function __serialize(): array
5353
public function __unserialize(array $data): void
5454
{
5555
[$this->user, $parentData] = $data;
56+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
5657
parent::__unserialize($parentData);
5758
}
5859
}

src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,7 @@ public function __serialize(): array
6969
public function __unserialize(array $data): void
7070
{
7171
[$parentData, $this->messageKey, $this->messageData] = $data;
72+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
7273
parent::__unserialize($parentData);
7374
}
7475
}

src/Symfony/Component/Security/Core/Exception/UsernameNotFoundException.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,7 @@ public function __serialize(): array
7171
public function __unserialize(array $data): void
7272
{
7373
[$this->username, $parentData] = $data;
74+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
7475
parent::__unserialize($parentData);
7576
}
7677
}

src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,7 @@ public function __serialize(): array
8383
public function __unserialize(array $data): void
8484
{
8585
[$this->providerKey, $parentData] = $data;
86+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
8687
parent::__unserialize($parentData);
8788
}
8889
}

0 commit comments

Comments
 (0)
0