Skip to content

Commit

Permalink
[Security] Unserialize $parentData, if needed, to be sure the parentD…
Browse files Browse the repository at this point in the history 
…ata variable is an array

Add check on every __unserialize() function
  • Loading branch information
@rfaivre
rfaivre committed May 18, 2020
1 parent 230a1f7 commit 782f996
Show file tree
Hide file tree
Showing 8 changed files with 8 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
View file
Expand Up @@ -68,6 +68,7 @@ public function __serialize(): array
public function __unserialize(array $data): void
{
[$this->secret, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
}
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
View file
Expand Up @@ -88,6 +88,7 @@ public function __serialize(): array
public function __unserialize(array $data): void
{
[$this->credentials, $this->providerKey, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
}
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
View file
Expand Up @@ -101,6 +101,7 @@ public function __serialize(): array
public function __unserialize(array $data): void
{
[$this->secret, $this->providerKey, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
}
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php
View file
Expand Up @@ -54,6 +54,7 @@ public function __serialize(): array
public function __unserialize(array $data): void
{
[$this->originalToken, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
}
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/Core/Exception/AccountStatusException.php
View file
Expand Up @@ -53,6 +53,7 @@ public function __serialize(): array
public function __unserialize(array $data): void
{
[$this->user, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
}
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
View file
Expand Up @@ -69,6 +69,7 @@ public function __serialize(): array
public function __unserialize(array $data): void
{
[$parentData, $this->messageKey, $this->messageData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
}
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/Core/Exception/UsernameNotFoundException.php
View file
Expand Up @@ -71,6 +71,7 @@ public function __serialize(): array
public function __unserialize(array $data): void
{
[$this->username, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
}
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php
View file
Expand Up @@ -83,6 +83,7 @@ public function __serialize(): array
public function __unserialize(array $data): void
{
[$this->providerKey, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
}

0 comments on commit 782f996

Please sign in to comment.