Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
Commitd7cb006
committed
bug#25340 [Serializer] Unset attributes when creating child context (dunglas)
This PR was merged into the 3.3 branch.Discussion----------[Serializer] Unset attributes when creating child context | Q | A | ------------- | --- | Branch? | 3.3 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/aIn some cases, the `attributes` key isn't overrode when creating the context passed to nested normalizers. It's definitely a bug, but an attacker cannot access to non public data (ignored attributes are checked before the `attributes` key). However some data that must be public may be missing as highlighted by the test.I've introduced the initial bug here:#18834Commits-------4ff9d99 [Serializer] Unset attributes when creating child contextFile tree
2 files changed
+12
-0
lines changed- src/Symfony/Component/Serializer
- Normalizer
- Tests/Normalizer
2 files changed
+12
-0
lines changedLines changed: 2 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
402 | 402 | | |
403 | 403 | | |
404 | 404 | | |
| 405 | + | |
| 406 | + | |
405 | 407 | | |
406 | 408 | | |
407 | 409 | | |
| |||
Lines changed: 10 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
673 | 673 | | |
674 | 674 | | |
675 | 675 | | |
| 676 | + | |
| 677 | + | |
| 678 | + | |
| 679 | + | |
| 680 | + | |
| 681 | + | |
| 682 | + | |
| 683 | + | |
| 684 | + | |
| 685 | + | |
676 | 686 | | |
677 | 687 | | |
678 | 688 | | |
| |||
0 commit comments
Comments
(0)