Merge branch '4.2'

nicolas-grekas · nicolas-grekas · commit be159ab6ebf9 · 2019-01-29T10:50:57.000+01:00
* 4.2:
  [Routing] dont redirect routes with greedy trailing vars with no explicit slash
  skip native serialize among child and parent serializable objects
  [Routing] backport tests from 4.1
  [MonologBridge] Remove unused local variable
  Remove unreachable code
  Add PackageNameTest to ConfigurationTest also add in the changelog the corresponding entry to this PR
  Support use of hyphen in asset package name
  Fix format strings for deprecation notices
  Remove a harmless duplicate array key from VarDumper
  [VarDumper] Fixed search bar
  Remove gendered pronouns
  Replace gender by eye color in tests
  [Security] dont do nested calls to serialize()
diff --git a/Authentication/Token/AbstractToken.php b/Authentication/Token/AbstractToken.php
@@ -136,22 +136,17 @@ public function eraseCredentials()
      */
     public function serialize()
     {
-        return serialize(
-            [
-                \is_object($this->user) ? clone $this->user : $this->user,
-                $this->authenticated,
-                array_map(function ($role) { return clone $role; }, $this->roles),
-                $this->attributes,
-            ]
-        );
+        $serialized = [$this->user, $this->authenticated, $this->roles, $this->attributes];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**
      * {@inheritdoc}
      */
     public function unserialize($serialized)
     {
-        list($this->user, $this->authenticated, $this->roles, $this->attributes) = unserialize($serialized);
+        list($this->user, $this->authenticated, $this->roles, $this->attributes) = \is_array($serialized) ? $serialized : unserialize($serialized);
     }
 
     /**
@@ -231,6 +226,19 @@ public function __toString()
         return sprintf('%s(user="%s", authenticated=%s, roles="%s")', $class, $this->getUsername(), json_encode($this->authenticated), implode(', ', $roles));
     }
 
+    /**
+     * @internal
+     */
+    protected function doSerialize($serialized, $isCalledFromOverridingMethod)
+    {
+        if (null === $isCalledFromOverridingMethod) {
+            $trace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT, 3);
+            $isCalledFromOverridingMethod = isset($trace[2]['function'], $trace[2]['object']) && 'serialize' === $trace[2]['function'] && $this === $trace[2]['object'];
+        }
+
+        return $isCalledFromOverridingMethod ? $serialized : serialize($serialized);
+    }
+
     private function hasUserChanged(UserInterface $user)
     {
         if (!($this->user instanceof UserInterface)) {
diff --git a/Authentication/Token/AnonymousToken.php b/Authentication/Token/AnonymousToken.php
@@ -59,15 +59,17 @@ public function getSecret()
      */
     public function serialize()
     {
-        return serialize([$this->secret, parent::serialize()]);
+        $serialized = [$this->secret, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**
      * {@inheritdoc}
      */
     public function unserialize($serialized)
     {
-        list($this->secret, $parentStr) = unserialize($serialized);
+        list($this->secret, $parentStr) = \is_array($serialized) ? $serialized : unserialize($serialized);
         parent::unserialize($parentStr);
     }
 }
diff --git a/Authentication/Token/PreAuthenticatedToken.php b/Authentication/Token/PreAuthenticatedToken.php
@@ -79,15 +79,17 @@ public function eraseCredentials()
      */
     public function serialize()
     {
-        return serialize([$this->credentials, $this->providerKey, parent::serialize()]);
+        $serialized = [$this->credentials, $this->providerKey, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**
      * {@inheritdoc}
      */
     public function unserialize($str)
     {
-        list($this->credentials, $this->providerKey, $parentStr) = unserialize($str);
+        list($this->credentials, $this->providerKey, $parentStr) = \is_array($str) ? $str : unserialize($str);
         parent::unserialize($parentStr);
     }
 }
diff --git a/Authentication/Token/RememberMeToken.php b/Authentication/Token/RememberMeToken.php
@@ -94,19 +94,17 @@ public function getCredentials()
      */
     public function serialize()
     {
-        return serialize([
-            $this->secret,
-            $this->providerKey,
-            parent::serialize(),
-        ]);
+        $serialized = [$this->secret, $this->providerKey, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**
      * {@inheritdoc}
      */
     public function unserialize($serialized)
     {
-        list($this->secret, $this->providerKey, $parentStr) = unserialize($serialized);
+        list($this->secret, $this->providerKey, $parentStr) = \is_array($serialized) ? $serialized : unserialize($serialized);
         parent::unserialize($parentStr);
     }
 }
diff --git a/Authentication/Token/UsernamePasswordToken.php b/Authentication/Token/UsernamePasswordToken.php
@@ -91,15 +91,17 @@ public function eraseCredentials()
      */
     public function serialize()
     {
-        return serialize([$this->credentials, $this->providerKey, parent::serialize()]);
+        $serialized = [$this->credentials, $this->providerKey, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**
      * {@inheritdoc}
      */
     public function unserialize($serialized)
     {
-        list($this->credentials, $this->providerKey, $parentStr) = unserialize($serialized);
+        list($this->credentials, $this->providerKey, $parentStr) = \is_array($serialized) ? $serialized : unserialize($serialized);
         parent::unserialize($parentStr);
     }
 }
diff --git a/Exception/AccountStatusException.php b/Exception/AccountStatusException.php
@@ -44,18 +44,17 @@ public function setUser(UserInterface $user)
      */
     public function serialize()
     {
-        return serialize([
-            $this->user,
-            parent::serialize(),
-        ]);
+        $serialized = [$this->user, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**
      * {@inheritdoc}
      */
     public function unserialize($str)
     {
-        list($this->user, $parentData) = unserialize($str);
+        list($this->user, $parentData) = \is_array($str) ? $str : unserialize($str);
 
         parent::unserialize($parentData);
     }
diff --git a/Exception/AuthenticationException.php b/Exception/AuthenticationException.php
@@ -38,15 +38,33 @@ public function setToken(TokenInterface $token)
         $this->token = $token;
     }
 
+    /**
+     * {@inheritdoc}
+     */
     public function serialize()
     {
-        return serialize([
+        $serialized = [
             $this->token,
             $this->code,
             $this->message,
             $this->file,
             $this->line,
-        ]);
+        ];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
+    }
+
+    /**
+     * @internal
+     */
+    protected function doSerialize($serialized, $isCalledFromOverridingMethod)
+    {
+        if (null === $isCalledFromOverridingMethod) {
+            $trace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT, 3);
+            $isCalledFromOverridingMethod = isset($trace[2]['function'], $trace[2]['object']) && 'serialize' === $trace[2]['function'] && $this === $trace[2]['object'];
+        }
+
+        return $isCalledFromOverridingMethod ? $serialized : serialize($serialized);
     }
 
     public function unserialize($str)
@@ -57,7 +75,7 @@ public function unserialize($str)
             $this->message,
             $this->file,
             $this->line
-        ) = unserialize($str);
+        ) = \is_array($str) ? $str : unserialize($str);
     }
 
     /**
diff --git a/Exception/CustomUserMessageAuthenticationException.php b/Exception/CustomUserMessageAuthenticationException.php
@@ -60,19 +60,17 @@ public function getMessageData()
      */
     public function serialize()
     {
-        return serialize([
-            parent::serialize(),
-            $this->messageKey,
-            $this->messageData,
-        ]);
+        return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**
      * {@inheritdoc}
      */
     public function unserialize($str)
     {
-        list($parentData, $this->messageKey, $this->messageData) = unserialize($str);
+        list($parentData, $this->messageKey, $this->messageData) = \is_array($str) ? $str : unserialize($str);
 
         parent::unserialize($parentData);
     }
diff --git a/Exception/UsernameNotFoundException.php b/Exception/UsernameNotFoundException.php
@@ -54,18 +54,17 @@ public function setUsername($username)
      */
     public function serialize()
     {
-        return serialize([
-            $this->username,
-            parent::serialize(),
-        ]);
+        $serialized = [$this->username, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**
      * {@inheritdoc}
      */
     public function unserialize($str)
     {
-        list($this->username, $parentData) = unserialize($str);
+        list($this->username, $parentData) = \is_array($str) ? $str : unserialize($str);
 
         parent::unserialize($parentData);
     }
diff --git a/Tests/Authentication/Token/AbstractTokenTest.php b/Tests/Authentication/Token/AbstractTokenTest.php
@@ -43,9 +43,14 @@ public function __construct($user, array $roles = [])
         $this->setUser($user);
     }
 
+    /**
+     * {@inheritdoc}
+     */
     public function serialize()
     {
-        return serialize([$this->credentials, parent::serialize()]);
+        $serialized = [$this->credentials, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     public function unserialize($serialized)
diff --git a/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php b/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Tests\Exception;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 
 class CustomUserMessageAuthenticationExceptionTest extends TestCase
@@ -24,4 +25,18 @@ public function testConstructWithSAfeMessage()
         $this->assertEquals(['foo' => true], $e->getMessageData());
         $this->assertEquals('SAFE MESSAGE', $e->getMessage());
     }
+
+    public function testSharedSerializedData()
+    {
+        $token = new AnonymousToken('foo', 'bar');
+
+        $exception = new CustomUserMessageAuthenticationException();
+        $exception->setToken($token);
+        $exception->setSafeMessage('message', ['token' => $token]);
+
+        $processed = unserialize(serialize($exception));
+        $this->assertEquals($token, $processed->getToken());
+        $this->assertEquals($token, $processed->getMessageData()['token']);
+        $this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -59,15 +59,17 @@ public function getSecret()`
`59`	`59`	`*/`
`60`	`60`	`public function serialize()`
`61`	`61`	`{`
`62`		`- return serialize([$this->secret, parent::serialize()]);`
	`62`	`+ $serialized = [$this->secret, parent::serialize(true)];`
	`63`	`+`
	`64`	`+ return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);`
`63`	`65`	`}`
`64`	`66`
`65`	`67`	`/**`
`66`	`68`	`* {@inheritdoc}`
`67`	`69`	`*/`
`68`	`70`	`public function unserialize($serialized)`
`69`	`71`	`{`
`70`		`- list($this->secret, $parentStr) = unserialize($serialized);`
	`72`	`+ list($this->secret, $parentStr) = \is_array($serialized) ? $serialized : unserialize($serialized);`
`71`	`73`	`parent::unserialize($parentStr);`
`72`	`74`	`}`
`73`	`75`	`}`
Original file line number	Diff line number	Diff line change
`@@ -79,15 +79,17 @@ public function eraseCredentials()`
`79`	`79`	`*/`
`80`	`80`	`public function serialize()`
`81`	`81`	`{`
`82`		`- return serialize([$this->credentials, $this->providerKey, parent::serialize()]);`
	`82`	`+ $serialized = [$this->credentials, $this->providerKey, parent::serialize(true)];`
	`83`	`+`
	`84`	`+ return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);`
`83`	`85`	`}`
`84`	`86`
`85`	`87`	`/**`
`86`	`88`	`* {@inheritdoc}`
`87`	`89`	`*/`
`88`	`90`	`public function unserialize($str)`
`89`	`91`	`{`
`90`		`- list($this->credentials, $this->providerKey, $parentStr) = unserialize($str);`
	`92`	`+ list($this->credentials, $this->providerKey, $parentStr) = \is_array($str) ? $str : unserialize($str);`
`91`	`93`	`parent::unserialize($parentStr);`
`92`	`94`	`}`
`93`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -94,19 +94,17 @@ public function getCredentials()`
`94`	`94`	`*/`
`95`	`95`	`public function serialize()`
`96`	`96`	`{`
`97`		`- return serialize([`
`98`		`- $this->secret,`
`99`		`- $this->providerKey,`
`100`		`- parent::serialize(),`
`101`		`- ]);`
	`97`	`+ $serialized = [$this->secret, $this->providerKey, parent::serialize(true)];`
	`98`	`+`
	`99`	`+ return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);`
`102`	`100`	`}`
`103`	`101`
`104`	`102`	`/**`
`105`	`103`	`* {@inheritdoc}`
`106`	`104`	`*/`
`107`	`105`	`public function unserialize($serialized)`
`108`	`106`	`{`
`109`		`- list($this->secret, $this->providerKey, $parentStr) = unserialize($serialized);`
	`107`	`+ list($this->secret, $this->providerKey, $parentStr) = \is_array($serialized) ? $serialized : unserialize($serialized);`
`110`	`108`	`parent::unserialize($parentStr);`
`111`	`109`	`}`
`112`	`110`	`}`
Original file line number	Diff line number	Diff line change
`@@ -91,15 +91,17 @@ public function eraseCredentials()`
`91`	`91`	`*/`
`92`	`92`	`public function serialize()`
`93`	`93`	`{`
`94`		`- return serialize([$this->credentials, $this->providerKey, parent::serialize()]);`
	`94`	`+ $serialized = [$this->credentials, $this->providerKey, parent::serialize(true)];`
	`95`	`+`
	`96`	`+ return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);`
`95`	`97`	`}`
`96`	`98`
`97`	`99`	`/**`
`98`	`100`	`* {@inheritdoc}`
`99`	`101`	`*/`
`100`	`102`	`public function unserialize($serialized)`
`101`	`103`	`{`
`102`		`- list($this->credentials, $this->providerKey, $parentStr) = unserialize($serialized);`
	`104`	`+ list($this->credentials, $this->providerKey, $parentStr) = \is_array($serialized) ? $serialized : unserialize($serialized);`
`103`	`105`	`parent::unserialize($parentStr);`
`104`	`106`	`}`
`105`	`107`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,18 +44,17 @@ public function setUser(UserInterface $user)`
`44`	`44`	`*/`
`45`	`45`	`public function serialize()`
`46`	`46`	`{`
`47`		`- return serialize([`
`48`		`- $this->user,`
`49`		`- parent::serialize(),`
`50`		`- ]);`
	`47`	`+ $serialized = [$this->user, parent::serialize(true)];`
	`48`	`+`
	`49`	`+ return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);`
`51`	`50`	`}`
`52`	`51`
`53`	`52`	`/**`
`54`	`53`	`* {@inheritdoc}`
`55`	`54`	`*/`
`56`	`55`	`public function unserialize($str)`
`57`	`56`	`{`
`58`		`- list($this->user, $parentData) = unserialize($str);`
	`57`	`+ list($this->user, $parentData) = \is_array($str) ? $str : unserialize($str);`
`59`	`58`
`60`	`59`	`parent::unserialize($parentData);`
`61`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,19 +60,17 @@ public function getMessageData()`
`60`	`60`	`*/`
`61`	`61`	`public function serialize()`
`62`	`62`	`{`
`63`		`- return serialize([`
`64`		`- parent::serialize(),`
`65`		`- $this->messageKey,`
`66`		`- $this->messageData,`
`67`		`- ]);`
	`63`	`+ return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);`
	`64`	`+`
	`65`	`+ return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);`
`68`	`66`	`}`
`69`	`67`
`70`	`68`	`/**`
`71`	`69`	`* {@inheritdoc}`
`72`	`70`	`*/`
`73`	`71`	`public function unserialize($str)`
`74`	`72`	`{`
`75`		`- list($parentData, $this->messageKey, $this->messageData) = unserialize($str);`
	`73`	`+ list($parentData, $this->messageKey, $this->messageData) = \is_array($str) ? $str : unserialize($str);`
`76`	`74`
`77`	`75`	`parent::unserialize($parentData);`
`78`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,18 +54,17 @@ public function setUsername($username)`
`54`	`54`	`*/`
`55`	`55`	`public function serialize()`
`56`	`56`	`{`
`57`		`- return serialize([`
`58`		`- $this->username,`
`59`		`- parent::serialize(),`
`60`		`- ]);`
	`57`	`+ $serialized = [$this->username, parent::serialize(true)];`
	`58`	`+`
	`59`	`+ return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);`
`61`	`60`	`}`
`62`	`61`
`63`	`62`	`/**`
`64`	`63`	`* {@inheritdoc}`
`65`	`64`	`*/`
`66`	`65`	`public function unserialize($str)`
`67`	`66`	`{`
`68`		`- list($this->username, $parentData) = unserialize($str);`
	`67`	`+ list($this->username, $parentData) = \is_array($str) ? $str : unserialize($str);`
`69`	`68`
`70`	`69`	`parent::unserialize($parentData);`
`71`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,9 +43,14 @@ public function __construct($user, array $roles = [])`
`43`	`43`	`$this->setUser($user);`
`44`	`44`	`}`
`45`	`45`
	`46`	`+ /**`
	`47`	`+ * {@inheritdoc}`
	`48`	`+ */`
`46`	`49`	`public function serialize()`
`47`	`50`	`{`
`48`		`- return serialize([$this->credentials, parent::serialize()]);`
	`51`	`+ $serialized = [$this->credentials, parent::serialize(true)];`
	`52`	`+`
	`53`	`+ return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);`
`49`	`54`	`}`
`50`	`55`
`51`	`56`	`public function unserialize($serialized)`