[Security] Prefer clone() over unserialize(serialize()) for user refreshment #29621

Merged
merged 1 commit into from Dec 17, 2018

@chalasr chalasr commented Dec 15, 2018

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29459
| License       | MIT
| Doc PR        | n/a

To not hit the serialize() bug reported in the related ticket

@nicolas-grekas nicolas-grekas left a comment

Using clone was discussed in #28072 (comment),
but here this PHP bug gives us no other choices.

@javiereguiluz javiereguiluz left a comment

I confirm that this fix solved the error for me. Thanks!

@nicolas-grekas

Thank you @chalasr.

@nicolas-grekas nicolas-grekas merged commit a8eba80 into symfony:3.4 Dec 17, 2018
nicolas-grekas added a commit that referenced this pull request Dec 17, 2018
…r user refreshment (chalasr)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Prefer clone() over unserialize(serialize()) for user refreshment

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29459
| License       | MIT
| Doc PR        | n/a

To not hit the `serialize()` bug reported in the related ticket

Commits
-------

a8eba80 [Security] Prefer clone over unserialize(serialize()) for user refreshment
@chalasr chalasr deleted the clone-token branch December 17, 2018 10:58