[Symfony/serializer] AbstractNormalizer must respect constructor access modifier when instantiating target object #30748

Closed
NekaKawaii opened this issue Mar 28, 2019 · 0 comments

Comments

@NekaKawaii
Contributor

Symfony version(s) affected: 4.2

Description
When the target class has a private or protected modifier on its `__construct` function, the denormalizer tries to instantiate the object and fails.

How to reproduce

```php
<?php
require_once __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Serializer\Serializer;
use Symfony\Component\Serializer\Encoder\JsonEncoder;
use Symfony\Component\Serializer\Normalizer\PropertyNormalizer;

class Target {
    private $field;
    private function __construct(int $field)
    {
        $this->field = $field;
    }
}

$serializer = new Serializer(
    [new PropertyNormalizer()],
    [new JsonEncoder()]
);

$serializer->deserialize('{"field": 5}', Target::class, 'json');
```

Possible Solution
Add a check for whether the constructor is public; otherwise, return an instance created without the constructor.

@fabpot fabpot closed this as completed Mar 30, 2019
fabpot added a commit that referenced this issue Mar 30, 2019
…ctNormalizer (NekaKawaii)

This PR was submitted for the 4.2 branch but it was merged into the 3.4 branch instead (closes #30749).

Discussion
----------

[Serializer] Added check of constructor modifiers to AbstractNormalizer

| Q             | A
| ------------- | ---
| Branch?       |  4.2
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #30748
| License       | MIT

If the constructor is not public, instantiate the target object without the constructor to prevent errors like `Access to non-public constructor of class Target`.

Commits
-------

eb0e14c [Serializer] Added check of constructor modifiers to AbstractNormalizer
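
The visibility check described in this issue, sketched with plain PHP reflection as an added example (not Symfony's `AbstractNormalizer` code and not taken from the referenced commit). The `instantiate()` helper and the range check inside `Target::__construct` are assumptions, added to make visible that the fallback path skips whatever the constructor enforces.

```php
<?php
// Added illustration; instantiate() is a hypothetical helper, not a Symfony API.
class Target
{
    private $field;

    // Non-public constructor as in the reproducer, plus a constructed invariant.
    private function __construct(int $field)
    {
        if ($field < 0) {
            throw new InvalidArgumentException('field must be >= 0');
        }
        $this->field = $field;
    }

    public function field() { return $this->field; }
}

function instantiate(string $class, array $data)
{
    $reflection = new ReflectionClass($class);
    $constructor = $reflection->getConstructor();

    if (null !== $constructor && $constructor->isPublic()) {
        // Public constructor: pass matching data in parameter order.
        $args = [];
        foreach ($constructor->getParameters() as $param) {
            $args[] = $data[$param->getName()]
                ?? ($param->isDefaultValueAvailable() ? $param->getDefaultValue() : null);
        }
        return $reflection->newInstanceArgs($args);
    }

    // Non-public or absent constructor: create the object without running it,
    // then populate the properties directly.
    $object = $reflection->newInstanceWithoutConstructor();
    foreach ($data as $name => $value) {
        if (!$reflection->hasProperty($name)) {
            continue;
        }
        $property = $reflection->getProperty($name);
        if (PHP_VERSION_ID < 80100) {
            $property->setAccessible(true); // required for private properties before PHP 8.1
        }
        $property->setValue($object, $value);
    }
    return $object;
}

var_dump(instantiate(Target::class, ['field' => 5])->field());
// The constructor's range check is never executed on the fallback path.
var_dump(instantiate(Target::class, ['field' => -1])->field());
```

Because the fallback bypasses the constructor, any invariant a class enforces there has to be validated separately after denormalizing untrusted input.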