bug #62653 [Lock] Fix unserializing already serialized Key payloads (nicolas-grekas)

nicolas-grekas · nicolas-grekas · commit c43a084224cf · 2025-12-05T08:09:33.000+01:00
This PR was merged into the 7.4 branch. Discussion ---------- [Lock] Fix unserializing already serialized Key payloads | Q | A | ------------- | --- | Branch? | 7.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #62585 | License | MIT Issue introduced in #60023 Commits ------- 44cf8da [Lock] Fix unserializing already serialized Key payloads
diff --git a/src/Symfony/Component/Lock/Key.php b/src/Symfony/Component/Lock/Key.php
@@ -18,7 +18,7 @@
  *
  * @author Jérémy Derussé <jeremy@derusse.com>
  */
-final class Key
+final class Key implements \Stringable
 {
     private ?float $expiringTime = null;
     private array $state = [];
@@ -91,9 +91,9 @@ public function isExpired(): bool
 
     public function __unserialize(array $data): void
     {
-        $this->resource = $data['resource'];
-        $this->expiringTime = $data['expiringTime'];
-        $this->state = $data['state'];
+        $this->resource = $data['resource'] ?? $data["\0".self::class."\0resource"];
+        $this->expiringTime = $data['expiringTime'] ?? $data["\0".self::class."\0expiringTime"] ?? null;
+        $this->state = $data['state'] ?? $data["\0".self::class."\0state"] ?? [];
     }
 
     public function __serialize(): array
diff --git a/src/Symfony/Component/Lock/Tests/KeyTest.php b/src/Symfony/Component/Lock/Tests/KeyTest.php
@@ -31,6 +31,17 @@ public function testSerialize()
         $this->assertEqualsWithDelta($key->getRemainingLifetime(), $copy->getRemainingLifetime(), 0.001);
     }
 
+    public function testLegacyPayloadCanBeUnserialized()
+    {
+        $serialized = base64_decode('TzoyNjoiU3ltZm9ueVxDb21wb25lbnRcTG9ja1xLZXkiOjM6e3M6MzY6IgBTeW1mb255XENvbXBvbmVudFxMb2NrXEtleQByZXNvdXJjZSI7czo2OiJsZWdhY3kiO3M6NDA6IgBTeW1mb255XENvbXBvbmVudFxMb2NrXEtleQBleHBpcmluZ1RpbWUiO047czozMzoiAFN5bWZvbnlcQ29tcG9uZW50XExvY2tcS2V5AHN0YXRlIjthOjA6e319', true);
+
+        $key = unserialize($serialized, ['allowed_classes' => [Key::class]]);
+
+        $this->assertInstanceOf(Key::class, $key);
+        $this->assertSame('legacy', (string) $key);
+        $this->assertNull($key->getRemainingLifetime());
+    }
+
     public function testUnserialize()
     {
         $key = new Key(__METHOD__);

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`*`
`19`	`19`	`* @author Jérémy Derussé <jeremy@derusse.com>`
`20`	`20`	`*/`
`21`		`-final class Key`
	`21`	`+final class Key implements \Stringable`
`22`	`22`	`{`
`23`	`23`	`private ?float $expiringTime = null;`
`24`	`24`	`private array $state = [];`
`@@ -91,9 +91,9 @@ public function isExpired(): bool`
`91`	`91`
`92`	`92`	`public function __unserialize(array $data): void`
`93`	`93`	`{`
`94`		`- $this->resource = $data['resource'];`
`95`		`- $this->expiringTime = $data['expiringTime'];`
`96`		`- $this->state = $data['state'];`
	`94`	`+ $this->resource = $data['resource'] ?? $data["\0".self::class."\0resource"];`
	`95`	`+ $this->expiringTime = $data['expiringTime'] ?? $data["\0".self::class."\0expiringTime"] ?? null;`
	`96`	`+ $this->state = $data['state'] ?? $data["\0".self::class."\0state"] ?? [];`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`public function __serialize(): array`