composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-28 21:18:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Browse Source 
Upgrade all Symfony components to last security fix (~6.4.0)
This commit is contained in:
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/symfony/var-exporter/Internal/LazyObjectState.php
View File

@@ -45,7 +45,7 @@ class LazyObjectState
$this->status = \is_array($initializer) ? self::STATUS_UNINITIALIZED_PARTIAL : self::STATUS_UNINITIALIZED_FULL;
}
public function initialize($instance, $propertyName, $propertyScope)
public function initialize($instance, $propertyName, $writeScope)
{
if (self::STATUS_INITIALIZED_FULL === $this->status) {
return self::STATUS_INITIALIZED_FULL;
@@ -53,13 +53,13 @@ class LazyObjectState
if (\is_array($this->initializer)) {
$class = $instance::class;
$propertyScope ??= $class;
$writeScope ??= $class;
$propertyScopes = Hydrator::$propertyScopes[$class];
$propertyScopes[$k = "\0$propertyScope\0$propertyName"] ?? $propertyScopes[$k = "\0*\0$propertyName"] ?? $k = $propertyName;
$propertyScopes[$k = "\0$writeScope\0$propertyName"] ?? $propertyScopes[$k = "\0*\0$propertyName"] ?? $k = $propertyName;
if ($initializer = $this->initializer[$k] ?? null) {
$value = $initializer(...[$instance, $propertyName, $propertyScope, LazyObjectRegistry::$defaultProperties[$class][$k] ?? null]);
$accessor = LazyObjectRegistry::$classAccessors[$propertyScope] ??= LazyObjectRegistry::getClassAccessors($propertyScope);
$value = $initializer(...[$instance, $propertyName, $writeScope, LazyObjectRegistry::$defaultProperties[$class][$k] ?? null]);
$accessor = LazyObjectRegistry::$classAccessors[$writeScope] ??= LazyObjectRegistry::getClassAccessors($writeScope);
$accessor['set']($instance, $propertyName, $value);
return $this->status = self::STATUS_INITIALIZED_PARTIAL;
@@ -71,8 +71,8 @@ class LazyObjectState
}
$properties = (array) $instance;
foreach ($values as $key => $value) {
if (!\array_key_exists($key, $properties) && [$scope, $name, $readonlyScope] = $propertyScopes[$key] ?? null) {
$scope = $readonlyScope ?? ('*' !== $scope ? $scope : $class);
if (!\array_key_exists($key, $properties) && [$scope, $name, $writeScope] = $propertyScopes[$key] ?? null) {
$scope = $writeScope ?? $scope;
$accessor = LazyObjectRegistry::$classAccessors[$scope] ??= LazyObjectRegistry::getClassAccessors($scope);
$accessor['set']($instance, $name, $value);
@@ -116,10 +116,10 @@ class LazyObjectState
$properties = (array) $instance;
$onlyProperties = \is_array($this->initializer) ? $this->initializer : null;
foreach ($propertyScopes as $key => [$scope, $name, $readonlyScope]) {
foreach ($propertyScopes as $key => [$scope, $name, , $access]) {
$propertyScopes[$k = "\0$scope\0$name"] ?? $propertyScopes[$k = "\0*\0$name"] ?? $k = $name;
if ($k === $key && (null !== $readonlyScope || !\array_key_exists($k, $properties))) {
if ($k === $key && ($access & Hydrator::PROPERTY_HAS_HOOKS || ($access >> 2) & \ReflectionProperty::IS_READONLY || !\array_key_exists($k, $properties))) {
$skippedProperties[$k] = true;
}
}