Skip to content

Commit

Permalink
Fixed bStrictObjectTypeChecking not enforced for objects
Browse files Browse the repository at this point in the history
this created some security issues in my projects.

Might be worth having createInstance() check if the object in question has any @required properties.
In the second case, the model's @required properties wouldn't be populated, but no error would be thrown.
  • Loading branch information
dktapps committed Feb 20, 2024
1 parent ccb0933 commit b96a209
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/JsonMapper.php
Original file line number Diff line number Diff line change
Expand Up @@ -461,6 +461,13 @@ public function mapArray($json, $array, $class = null, $parent_key = '')
settype($jvalue, $class);
$array[$key] = $jvalue;
} else {
if ($this->bStrictObjectTypeChecking) {
throw new JsonMapper_Exception(
'JSON property "' . ($parent_key ? $parent_key : '?') . '"'
. ' (array key "' . $key . '") must be an object, '
. gettype($jvalue) . ' given'
);
}
$array[$key] = $this->createInstance(
$class, true, $jvalue
);
Expand Down

0 comments on commit b96a209

Please sign in to comment.