N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to last security fix (~6.4.0)
2026-04-30 22:18:46 +02:00 · 2025-08-06 08:54:56 +02:00
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
--- a/lib/symfony/var-exporter/Internal/LazyObjectRegistry.php
+++ b/lib/symfony/var-exporter/Internal/LazyObjectRegistry.php
@@ -50,6 +50,7 @@ class LazyObjectRegistry
    public static function getClassResetters($class)
    {
        $classProperties = [];
+        $hookedProperties = [];

        if ((self::$classReflectors[$class] ??= new \ReflectionClass($class))->isInternal()) {
            $propertyScopes = [];
@@ -57,11 +58,17 @@ class LazyObjectRegistry
            $propertyScopes = Hydrator::$propertyScopes[$class] ??= Hydrator::getPropertyScopes($class);
        }

-        foreach ($propertyScopes as $key => [$scope, $name, $readonlyScope]) {
+        foreach ($propertyScopes as $key => [$scope, $name, $writeScope, $access]) {
            $propertyScopes[$k = "\0$scope\0$name"] ?? $propertyScopes[$k = "\0*\0$name"] ?? $k = $name;

-            if ($k === $key && "\0$class\0lazyObjectState" !== $k) {
-                $classProperties[$readonlyScope ?? $scope][$name] = $key;
+            if ($k !== $key || "\0$class\0lazyObjectState" === $k) {
+                continue;
+            }
+
+            if ($access & Hydrator::PROPERTY_HAS_HOOKS) {
+                $hookedProperties[$k] = true;
+            } else {
+                $classProperties[$writeScope ?? $scope][$name] = $key;
            }
        }

@@ -76,9 +83,13 @@ class LazyObjectRegistry
            }, null, $scope);
        }

-        $resetters[] = static function ($instance, $skippedProperties, $onlyProperties = null) {
+        $resetters[] = static function ($instance, $skippedProperties, $onlyProperties = null) use ($hookedProperties) {
            foreach ((array) $instance as $name => $value) {
-                if ("\0" !== ($name[0] ?? '') && !\array_key_exists($name, $skippedProperties) && (null === $onlyProperties || \array_key_exists($name, $onlyProperties))) {
+                if ("\0" !== ($name[0] ?? '')
+                    && !\array_key_exists($name, $skippedProperties)
+                    && (null === $onlyProperties || \array_key_exists($name, $onlyProperties))
+                    && !isset($hookedProperties[$name])
+                ) {
                    unset($instance->$name);
                }
            }
@@ -90,8 +101,8 @@ class LazyObjectRegistry
    public static function getClassAccessors($class)
    {
        return \Closure::bind(static fn () => [
-            'get' => static function &($instance, $name, $readonly) {
-                if (!$readonly) {
+            'get' => static function &($instance, $name, $notByRef) {
+                if (!$notByRef) {
                    return $instance->$name;
                }
                $value = $instance->$name;
@@ -127,9 +138,9 @@ class LazyObjectRegistry
        return $methods;
    }

-    public static function getScope($propertyScopes, $class, $property, $readonlyScope = null)
+    public static function getScopeForRead($propertyScopes, $class, $property)
    {
-        if (null === $readonlyScope && !isset($propertyScopes[$k = "\0$class\0$property"]) && !isset($propertyScopes[$k = "\0*\0$property"])) {
+        if (!isset($propertyScopes[$k = "\0$class\0$property"]) && !isset($propertyScopes[$k = "\0*\0$property"])) {
            return null;
        }
        $frame = debug_backtrace(\DEBUG_BACKTRACE_PROVIDE_OBJECT | \DEBUG_BACKTRACE_IGNORE_ARGS, 3)[2];
@@ -137,7 +148,27 @@ class LazyObjectRegistry
        if (\ReflectionProperty::class === $scope = $frame['class'] ?? \Closure::class) {
            $scope = $frame['object']->class;
        }
-        if (null === $readonlyScope && '*' === $k[1] && ($class === $scope || (is_subclass_of($class, $scope) && !isset($propertyScopes["\0$scope\0$property"])))) {
+        if ('*' === $k[1] && ($class === $scope || (is_subclass_of($class, $scope) && !isset($propertyScopes["\0$scope\0$property"])))) {
+            return null;
+        }
+
+        return $scope;
+    }
+
+    public static function getScopeForWrite($propertyScopes, $class, $property, $flags)
+    {
+        if (!($flags & (\ReflectionProperty::IS_PRIVATE | \ReflectionProperty::IS_PROTECTED | \ReflectionProperty::IS_READONLY | (\PHP_VERSION_ID >= 80400 ? \ReflectionProperty::IS_PRIVATE_SET | \ReflectionProperty::IS_PROTECTED_SET : 0)))) {
+            return null;
+        }
+        $frame = debug_backtrace(\DEBUG_BACKTRACE_PROVIDE_OBJECT | \DEBUG_BACKTRACE_IGNORE_ARGS, 3)[2];
+
+        if (\ReflectionProperty::class === $scope = $frame['class'] ?? \Closure::class) {
+            $scope = $frame['object']->class;
+        }
+        if ($flags & (\ReflectionProperty::IS_PRIVATE | (\PHP_VERSION_ID >= 80400 ? \ReflectionProperty::IS_PRIVATE_SET : \ReflectionProperty::IS_READONLY))) {
+            return $scope;
+        }
+        if ($flags & (\ReflectionProperty::IS_PROTECTED | (\PHP_VERSION_ID >= 80400 ? \ReflectionProperty::IS_PROTECTED_SET : 0)) && ($class === $scope || (is_subclass_of($class, $scope) && !isset($propertyScopes["\0$scope\0$property"])))) {
            return null;
        }