Unserialize Swift_Message error fix #7807

Merged
merged 2 commits into from Sep 2, 2019

Conversation

@escopecz
Member

commented Aug 20, 2019

Please be sure you are submitting this against the staging branch.

| Q | A |
| --- | --- |
| Bug fix? | Y |
| New feature? | N |
| Automated tests included? | Y |
| Related user documentation PR URL | / |
| Related developer documentation PR URL | / |
| Issues addressed (#s or URLs) | #7767 |
| BC breaks? | N |
| Deprecations? | N |

Description:

Mautic 2.15.2 contained sanitization of unserialize PHP functions. Even though the one case where the classes are being unserialized contained an exception and enabled the Swift_Message class, it was not enough, as once the unserialized object got a method call it threw the error message.

This error happened in the following cases:

  • PHP 7+
  • Email queue enabled in Mautic configuration.
  • The app/spool/default dir contains some email file that has an extension of .finalretry or .sending or .tryagain. If it contained only email files with the .message extension it worked correctly.

Steps to reproduce the bug:

  1. Ensure all the requirements are fulfilled to reproduce this error.
  2. To simulate the error send an email, rename the email file extension from .message to .tryagain.
  3. Execute the $ app/console mautic:emails:send command.

You should get this error:

  [Symfony\Component\Debug\Exception\FatalErrorException]
  Error: Swift_Mime_SimpleMimeEntity::_getHeaderFieldModel(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Swift_Mime_SimpleHeaderSet" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide an autoloader to load the class definition

Steps to test this PR:

  1. Run the command again.
  2. The email is sent without any error.
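
Added example, not code from this PR or from Mautic: it assumes the sanitization used the `allowed_classes` option of `unserialize()` (PHP 7+) and listed only the outer class, in which case nested objects come back as `__PHP_Incomplete_Class`, the condition the error above reports. `DemoMessage`, `DemoHeaderSet` and the `findIncompleteClasses` helper are constructed stand-ins.

```php
<?php
// Constructed stand-ins; NOT the Swift Mailer classes named in the error above.
class DemoHeaderSet { public $headers = ['Subject' => 'Hello']; }

class DemoMessage
{
    private $headerSet;

    public function __construct()
    {
        $this->headerSet = new DemoHeaderSet();
    }
}

// Hypothetical helper: walk an unserialized value and return the names of the
// classes that unserialize() refused to instantiate.
function findIncompleteClasses($value, ?SplObjectStorage $seen = null): array
{
    $seen = $seen ?? new SplObjectStorage();
    $found = [];
    // is_object() is false for incomplete objects before PHP 7.2, so test both.
    $incomplete = $value instanceof __PHP_Incomplete_Class;
    if ($incomplete || is_object($value)) {
        if (isset($seen[$value])) {
            return []; // already visited, guards against reference cycles
        }
        $seen[$value] = true;
        $value = (array) $value; // the cast also exposes private properties
        if ($incomplete) {
            $found[] = $value['__PHP_Incomplete_Class_Name'];
        }
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            $found = array_merge($found, findIncompleteClasses($item, $seen));
        }
    }
    return array_values(array_unique($found));
}

$payload = serialize(new DemoMessage()); // constructed spool payload

// Allow-list naming only the outer class: the nested object stays incomplete.
$outerOnly = unserialize($payload, ['allowed_classes' => [DemoMessage::class]]);
print_r(findIncompleteClasses($outerOnly));

// Allow-list covering every class in the object graph.
$all = [DemoMessage::class, DemoHeaderSet::class];
print_r(findIncompleteClasses(unserialize($payload, ['allowed_classes' => $all])));
```

Running the helper over a trusted sample payload lists the classes a restrictive allow-list still needs before any method is called on the result.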
@Woeler
Woeler approved these changes Aug 29, 2019
Member

left a comment

Tested and working for me.

@npracht
npracht approved these changes Sep 2, 2019
Member

left a comment

@Woeler I didn't notice but we had the same fix in production for a while (since the last security fixes) and it is working perfectly.

@Woeler Woeler merged commit 8547b65 into mautic:staging Sep 2, 2019
2 checks passed
Scrutinizer Analysis: 4 updated code elements – Tests: passed
continuous-integration/travis-ci/pr The Travis CI build passed
@Woeler Woeler removed the Ready To Commit label Sep 2, 2019
@escopecz escopecz deleted the escopecz:unserialize-swiftmessage branch Sep 2, 2019
@maurolacerda-tech


commented Sep 19, 2019

Tested and working for me.

@paulop


commented Oct 8, 2019

Hi, Tested and working for me.
