[Security] Prefer clone() over unserialize(serialize()) for user refreshment #29621

Merged
merged 1 commit into from Dec 17, 2018

chalasr commented Dec 15, 2018

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29459
| License       | MIT
| Doc PR        | n/a

To not hit the serialize() bug reported in the related ticket

nicolas-grekas left a comment

Using clone was discussed in #28072 (comment), but here this PHP bug gives us no other choice.

javiereguiluz left a comment

I confirm that this fix solved the error for me. Thanks!

nicolas-grekas commented Dec 17, 2018

Thank you @chalasr.

@nicolas-grekas nicolas-grekas merged commit a8eba80 into symfony:3.4 Dec 17, 2018

3 checks passed

continuous-integration/appveyor/pr: AppVeyor build succeeded
continuous-integration/travis-ci/pr: The Travis CI build passed
fabbot.io: Your code looks good.

nicolas-grekas added a commit that referenced this pull request Dec 17, 2018

bug #29621 [Security] Prefer clone() over unserialize(serialize()) fo…
…r user refreshment (chalasr)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Prefer clone() over unserialize(serialize()) for user refreshment

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29459
| License       | MIT
| Doc PR        | n/a

To not hit the `serialize()` bug reported in the related ticket

Commits
-------

a8eba80 [Security] Prefer clone over unserialize(serialize()) for user refreshment

@chalasr chalasr deleted the chalasr:clone-token branch Dec 17, 2018
