From 847d6dc8f367135a10bc783c8890eddf170f4f50 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Mon, 24 Feb 2020 15:33:45 +0100 Subject: [PATCH] prevent method calls on null values --- .../Component/Serializer/Encoder/XmlEncoder.php | 11 ++++++++++- .../Serializer/Normalizer/ArrayDenormalizer.php | 4 ++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Serializer/Encoder/XmlEncoder.php b/src/Symfony/Component/Serializer/Encoder/XmlEncoder.php index c1e110913047..dada438e29d7 100644 --- a/src/Symfony/Component/Serializer/Encoder/XmlEncoder.php +++ b/src/Symfony/Component/Serializer/Encoder/XmlEncoder.php @@ -11,6 +11,7 @@ namespace Symfony\Component\Serializer\Encoder; +use Symfony\Component\Serializer\Exception\BadMethodCallException; use Symfony\Component\Serializer\Exception\NotEncodableValueException; /** @@ -375,7 +376,7 @@ private function buildXml(\DOMNode $parentNode, $data, $xmlRootNodeName = null) { $append = true; - if (\is_array($data) || ($data instanceof \Traversable && !$this->serializer->supportsNormalization($data, $this->format))) { + if (\is_array($data) || ($data instanceof \Traversable && (null === $this->serializer || !$this->serializer->supportsNormalization($data, $this->format)))) { foreach ($data as $key => $data) { //Ah this is the magic @ attribute types. if (0 === strpos($key, '@') && $this->isElementNameValid($attributeName = substr($key, 1))) { @@ -410,6 +411,10 @@ private function buildXml(\DOMNode $parentNode, $data, $xmlRootNodeName = null) } if (\is_object($data)) { + if (null === $this->serializer) { + throw new BadMethodCallException(sprintf('The serializer needs to be set to allow %s() to be used with object data.', __METHOD__)); + } + $data = $this->serializer->normalize($data, $this->format, $this->context); if (null !== $data && !is_scalar($data)) { return $this->buildXml($parentNode, $data, $xmlRootNodeName); 
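Review bot: The exception added in the `\is_object($data)` branch of buildXml() builds its message with `__METHOD__`, which inside a private method names `XmlEncoder::buildXml`, a method the caller can neither call nor recognise; the guard added to selectNodeType() in the following hunk has the same problem. Naming the public entry point tells the caller what to fix, for example `sprintf('The serializer needs to be set to allow %s::encode() to be used with object data.', self::class)`. The two throw statements are otherwise identical, so a small private helper would keep the wording in one place. Both function bodies extend beyond the hunks shown, so any other use of `$this->serializer` in them is not visible here and should be checked for the same guard.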
@@ -484,6 +489,10 @@ private function selectNodeType(\DOMNode $node, $val) } elseif ($val instanceof \Traversable) { $this->buildXml($node, $val); } elseif (\is_object($val)) { + if (null === $this->serializer) { + throw new BadMethodCallException(sprintf('The serializer needs to be set to allow %s() to be used with object data.', __METHOD__)); + } + return $this->selectNodeType($node, $this->serializer->normalize($val, $this->format, $this->context)); } elseif (is_numeric($val)) { return $this->appendText($node, (string) $val); diff --git a/src/Symfony/Component/Serializer/Normalizer/ArrayDenormalizer.php b/src/Symfony/Component/Serializer/Normalizer/ArrayDenormalizer.php index 93d6fc009b33..702b8bfecdfa 100644 --- a/src/Symfony/Component/Serializer/Normalizer/ArrayDenormalizer.php +++ b/src/Symfony/Component/Serializer/Normalizer/ArrayDenormalizer.php @@ -68,6 +68,10 @@ public function denormalize($data, $type, $format = null, array $context = []) */ public function supportsDenormalization($data, $type, $format = null/*, array $context = []*/) { + if (null === $this->serializer) { + throw new BadMethodCallException(sprintf('The serializer needs to be set to allow %s() to be used.', __METHOD__)); + } + $context = \func_num_args() > 3 ? func_get_arg(3) : []; return '[]' === substr($type, -2)
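Review bot: The guard added at the top of supportsDenormalization() runs before the `'[]' === substr($type, -2)` test, so an ArrayDenormalizer without a serializer now throws for every type, including non-array types for which the old code presumably answered false from the suffix test alone. Testing the suffix first keeps that answer and still fails loudly where the serializer is needed: put `if ('[]' !== substr($type, -2)) { return false; }` ahead of the null check. The diff adds no `use` line to this file, so confirm that `BadMethodCallException` is already imported there; otherwise the name resolves inside the Normalizer namespace and the throw itself fails with a class-not-found error. The return expression continues past the end of the hunk.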