composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-19 07:12:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°9379 - PHP unserialze function - security hardening

Browse Source 
- add unitary test
This commit is contained in:
Benjamin DALSASS
2026-04-13 09:20:44 +02:00
parent 9ba8ba3ad9
commit fa7c8f064e
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tests/php-unit-tests/unitary-tests/application/utilsTest.php
View File

@@ -23,6 +23,7 @@
namespace Combodo\iTop\Test\UnitTest\Application; namespace Combodo\iTop\Test\UnitTest\Application;
use Combodo\iTop\Test\UnitTest\ItopTestCase; use Combodo\iTop\Test\UnitTest\ItopTestCase;
use CoreException;
use ormDocument; use ormDocument;
use utils; use utils;
@@ -1043,4 +1044,21 @@ INI;
unlink($sTmpFileOutsideItop); unlink($sTmpFileOutsideItop);
} }
public function testUnserialize()
{
// data to unserialize containing an object
$sData = 'a:2:{s:6:"string";s:9:"My string";s:6:"object";O:8:"DateTime":3:{s:4:"date";s:26:"2026-04-13 09:09:23.033175";s:13:"timezone_type";i:3;s:8:"timezone";s:16:"Europe/Amsterdam";}}';
// allow the DateTime object (no exception triggered)
utils::Unserialize($sData, ['allowed_classes' => ['DateTime']]);
// flag to avoid throwing an exception
utils::Unserialize($sData, ['allowed_classes' => false], false);
// flag to require throwing an exception
$this->expectException(CoreException::class);
utils::Unserialize($sData);
}
} }