Skip to content

Commit 021c219

Browse files
committed
Hardening Security - Unserialize DumpDataCollector
1 parent 835cfc2 commit 021c219

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

DataCollector/DumpDataCollector.php

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -183,6 +183,11 @@ public function __wakeup()
183183
$charset = array_pop($this->data);
184184
$fileLinkFormat = array_pop($this->data);
185185
$this->dataCount = \count($this->data);
186+
foreach ($this->data as $dump) {
187+
if (!\is_string($dump['name']) || !\is_string($dump['file']) || !\is_int($dump['line'])) {
188+
throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
189+
}
190+
}
186191

187192
self::__construct($this->stopwatch, \is_string($fileLinkFormat) || $fileLinkFormat instanceof FileLinkFormatter ? $fileLinkFormat : null, \is_string($charset) ? $charset : null);
188193
}
@@ -257,7 +262,7 @@ public function __destruct()
257262
}
258263
}
259264

260-
private function doDump(DataDumperInterface $dumper, $data, string $name, string $file, int $line)
265+
private function doDump(DataDumperInterface $dumper, Data $data, string $name, string $file, int $line)
261266
{
262267
if ($dumper instanceof CliDumper) {
263268
$contextDumper = function ($name, $file, $line, $fmt) {

0 commit comments

Comments
 (0)