
Commit 84d3b1a

Merge branch '4.4' into 5.2
* 4.4: [Console] minor fix [Validator] Avoid triggering the autoloader for user-input values Hardening Security - Unserialize DumpDataCollector [HttpClient] remove using $http_response_header [Security] Handle properly 'auto' option for remember me cookie security
2 parents 12485b0 + 021c219 commit 84d3b1a


1 file changed

+6
-1
lines changed


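--- a/DataCollector/DumpDataCollector.php
+++ b/DataCollector/DumpDataCollector.php
@@ -178,6 +178,11 @@ public function __wakeup()
 $charset = array_pop($this->data);
 $fileLinkFormat = array_pop($this->data);
 $this->dataCount = \count($this->data);
+foreach ($this->data as $dump) {
+if (!\is_string($dump['name']) || !\is_string($dump['file']) || !\is_int($dump['line'])) {
+throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+}
+}
 
 self::__construct($this->stopwatch, \is_string($fileLinkFormat) || $fileLinkFormat instanceof FileLinkFormatter ? $fileLinkFormat : null, \is_string($charset) ? $charset : null);
 }
@@ -252,7 +257,7 @@ public function __destruct()
 }
 }
 
-private function doDump(DataDumperInterface $dumper, $data, string $name, string $file, int $line)
+private function doDump(DataDumperInterface $dumper, Data $data, string $name, string $file, int $line)
 {
 if ($dumper instanceof CliDumper) {
 $contextDumper = function ($name, $file, $line, $fmt) {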
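Review bot: The new loop in `__wakeup()` validates `name`, `file` and `line` but never checks that `$dump` is an array or that its payload is a `Data` instance, so a malformed unserialized entry is only rejected later by the new `Data $data` type hint on `doDump()`, presumably when `__destruct()` replays the dumps (that call is outside the visible lines). Rejecting it at wakeup keeps all validation of untrusted serialized state in one place and avoids offset access on a non-array value; prepend `!\is_array($dump) || !($dump['data'] ?? null) instanceof Data ||` to the existing condition. The `data` key is assumed from how the entries appear to be consumed, so confirm it against the code that populates `$this->data`. `__wakeup()` begins above the first hunk and the body of `doDump()` continues past the second.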
