MAGETWO-32382: Review and fix all deserialization in Magento

- Rename __distruct() into distruct() in vulnerable classes
- Add register_shutdown_function(array($this, 'distruct')) into __construct()

Author: Viktor Tymchynskyi

app/code/Magento/ImportExport/Model/Export/Adapter/Csv.php

@@ -33,10 +33,21 @@ class Csv extends \Magento\ImportExport\Model\Export\Adapter\AbstractAdapter
      */
     protected $_fileHandler;
 
+    /**
+     * {@inheritdoc }
+     */
+    public function __construct(\Magento\Framework\Filesystem $filesystem, $destination = null)
+    {
+        register_shutdown_function([$this, 'destruct']);
+        parent::__construct($filesystem, $destination);
+    }
+
     /**
      * Object destructor.
+     *
+     * @return void
      */
-    public function __destruct()
+    public function destruct()
     {
         if (is_object($this->_fileHandler)) {
             $this->_fileHandler->close();

app/code/Magento/ImportExport/Model/Import/Source/Csv.php

@@ -44,6 +44,7 @@ public function __construct(
         $delimiter = ',',
         $enclosure = '"'
     ) {
+        register_shutdown_function([$this, 'destruct']);
         try {
             $this->_file = $directory->openFile($directory->getRelativePath($file), 'r');
         } catch (\Magento\Framework\Exception\FileSystemException $e) {
@@ -58,8 +59,10 @@ public function __construct(
 
     /**
      * Close file handle
+     *
+     * @return void
      */
-    public function __destruct()
+    public function destruct()
     {
         if (is_object($this->_file)) {
             $this->_file->close();