8000 [Security] Unserialize $parentData, if needed, to be sure the parentD… · symfony/symfony@782f996 · GitHub
[go: up one dir, main page]
Skip to content

Commit 782f996

Browse files
rfaivrerfaivre
committed
[Security] Unserialize $parentData, if needed, to be sure the parentData variable is an array
Add check on every __unserialize() function
1 parent 230a1f7 commit 782f996

8 files changed

+8
-0
lines changed

src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,7 @@ public function __serialize(): array
6868
public function __unserialize(array $data): void
6969
{
7070
[$this->secret, $parentData] = $data;
71+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
7172
parent::__unserialize($parentData);
7273
}
7374
}

src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -88,6 +88,7 @@ public function __serialize(): array
8888
public function __unserialize(array $data): void
8989
{
9090
[$this->credentials, $this->providerKey, $parentData] = $data;
91+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
9192
parent::__unserialize($parentData);
9293
}
9394
}

src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ public function __serialize(): array
101101
public function __unserialize(array $data): void
102102
{
103103
[$this->secret, $this->providerKey, $parentData] = $data;
104+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
104105
parent::__unserialize($parentData);
105106
}
106107
}

src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,7 @@ public function __serialize(): array
5454
public function __unserialize(array $data): void
5555
{
5656
[$this->originalToken, $parentData] = $data;
57+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
5758
parent::__unserialize($parentData);
5859
}
5960
}

src/Symfony/Component/Security/Core/Exception/AccountStatusException.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ public function __serialize(): array
5353
public function __unserialize(array $data): void
5454
{
5555
[$this->user, $parentData] = $data;
56+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
5657
parent::__unserialize($parentData);
5758
}
5859
}

src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,7 @@ public function __serialize(): array
6969
public function __unserialize(array $data): void
7070
{
7171
[$parentData, $this->messageKey, $this->messageData] = $data;
72+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
7273
parent::__unserialize($parentData);
7374
}
7475
}

src/Symfony/Component/Security/Core/Exception/UsernameNotFoundException.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,7 @@ public function __serialize(): array
7171
public function __unserialize(array $data): void
7272
{
7373
[$this->username, $parentData] = $data;
74+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
7475
parent::__unserialize($parentData);
7576
}
7677
}

src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,7 @@ public function __serialize(): array
8383
public function __unserialize(array $data): void
8484
{
8585
[$this->providerKey, $parentData] = $data;
86+
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
8687
parent::__unserialize($parentData);
8788
}
8889
}

0 commit comments

Comments
 (0)
0