From b447433b67d8546eadea3c8dbd40aaf0d1f004bf Mon Sep 17 00:00:00 2001
From: rfaivre
Date: Mon, 18 May 2020 20:54:16 +0200
Subject: [PATCH] [Security] Unserialize $parentData, if needed, to avoid errors
---
 .../Security/Core/Authentication/Token/AnonymousToken.php | 1 +
 .../Core/Authentication/Token/PreAuthenticatedToken.php | 2 +-
 .../Security/Core/Authentication/Token/RememberMeToken.php | 1 +
 .../Security/Core/Authentication/Token/SwitchUserToken.php | 1 +
 .../Core/Authentication/Token/UsernamePasswordToken.php | 1 +
 .../Security/Core/Exception/AccountStatusException.php | 1 +
 .../Core/Exception/CustomUserMessageAuthenticationException.php | 1 +
 .../Security/Core/Exception/UsernameNotFoundException.php | 1 +
 .../Security/Guard/Token/PostAuthenticationGuardToken.php | 1 +
 9 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
index 8c658060ad4a..db94766d3f16 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
@@ -68,6 +68,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$this->secret, $parentData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
index eb20f7fe6bbd..80ac0fff38df 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
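Review bot: The fallback added to `AnonymousToken::__unserialize()` runs a second, nested `unserialize()` on a string taken from the payload, with no `allowed_classes` option and no check of the result. As far as I can tell, a class restriction passed to the outer `unserialize()` does not carry over to this inner call, so the string branch widens what a stored or tampered token payload can instantiate. It deserves a comment such as `// BC: payloads written in the older format carry the parent state as a serialized string; token storage must be integrity-protected` (the legacy-format reason is inferred from the commit title). `unserialize()` also returns `false` on a malformed string, which would then be handed to `parent::__unserialize()` (presumably typed `array`, like the method shown) and surface as a `TypeError`. A guard after the new line, `if (!\is_array($parentData)) { throw new \UnexpectedValueException('Invalid serialized parent data.'); }`, would fail cleanly. The same line is added in the other eight files of this patch (PreAuthenticatedToken, RememberMeToken, SwitchUserToken, UsernamePasswordToken, the three exception classes and PostAuthenticationGuardToken), so the point applies to each.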
@@ -26,7 +26,6 @@ class PreAuthenticatedToken extends AbstractToken
 /**
 * @param string|\Stringable|UserInterface $user
 * @param mixed $credentials
- * @param string $providerKey
 * @param string[] $roles
 */
 public function __construct($user, $credentials, string $providerKey, array $roles = [])
@@ -88,6 +87,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$this->credentials, $this->providerKey, $parentData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
index 403e3ae8803d..13d3314534a2 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
@@ -101,6 +101,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$this->secret, $this->providerKey, $parentData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php
index 4177cee658f6..4390d68a6e5c 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php
@@ -54,6 +54,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$this->originalToken, $parentData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
index bf35c98d5580..fb1c2b33bb1e 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
@@ -99,6 +99,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$this->credentials, $this->providerKey, $parentData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }
diff --git a/src/Symfony/Component/Security/Core/Exception/AccountStatusException.php b/src/Symfony/Component/Security/Core/Exception/AccountStatusException.php
index f3fa661c31f4..1b4e818a1157 100644
--- a/src/Symfony/Component/Security/Core/Exception/AccountStatusException.php
+++ b/src/Symfony/Component/Security/Core/Exception/AccountStatusException.php
@@ -53,6 +53,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$this->user, $parentData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }
diff --git a/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php b/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
index 203e8ba133da..879012c65f61 100644
--- a/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
+++ b/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
@@ -69,6 +69,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$parentData, $this->messageKey, $this->messageData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }
diff --git a/src/Symfony/Component/Security/Core/Exception/UsernameNotFoundException.php b/src/Symfony/Component/Security/Core/Exception/UsernameNotFoundException.php
index 31dd486eec12..10c78b2056ae 100644
--- a/src/Symfony/Component/Security/Core/Exception/UsernameNotFoundException.php
+++ b/src/Symfony/Component/Security/Core/Exception/UsernameNotFoundException.php
@@ -71,6 +71,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$this->username, $parentData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }
diff --git a/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php b/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php
index 1c58199c5b0f..511f455531ec 100644
--- a/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php
+++ b/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php
@@ -83,6 +83,7 @@ public function __serialize(): array
 public function __unserialize(array $data): void
 {
 [$this->providerKey, $parentData] = $data;
+ $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
 }