
Commit 071b51e

committed
[Serializer] Check valid array for callbacks context argument
[Serializer] Check valid callback for max_depth_handler context argument
1 parent ba1097c commit 071b51e


3 files changed

+23
-1
lines changed


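--- a/src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php
+++ b/src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php
@@ -100,6 +100,10 @@ public function __construct(ClassMetadataFactoryInterface $classMetadataFactory
 $this->defaultContext = array_merge($this->defaultContext, $defaultContext);
 
 if (\array_key_exists(self::CALLBACKS, $this->defaultContext)) {
+if (!\is_array($this->defaultContext[self::CALLBACKS])) {
+throw new InvalidArgumentException('The callbacks default context must be a array of callable.');
+}
+
 foreach ($this->defaultContext[self::CALLBACKS] as $attribute => $callback) {
 if (!\is_callable($callback)) {
 throw new InvalidArgumentException(sprintf('The callback given in the default context for attribute "%s" is not callable.', $attribute));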
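Review bot: The message in the added `is_array` guard reads "must be a array of callable"; `'The callbacks default context must be an array of callables.'` is the corrected wording, and the same text recurs in the guard added to `normalize()` in AbstractObjectNormalizer.php. Note also that `\is_callable()` in the loop below the guard accepts any string naming an existing function, so these guards check shape, not trust. A comment such as `// Context must be built by application code, never from request data: is_callable() accepts function-name strings.` above the guard would keep that assumption visible. The constructor body starts and ends outside this hunk.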

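--- a/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php
+++ b/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php
@@ -59,6 +59,11 @@ abstract class AbstractObjectNormalizer extends AbstractNormalizer
 public function __construct(ClassMetadataFactoryInterface $classMetadataFactory = null, NameConverterInterface $nameConverter = null, PropertyTypeExtractorInterface $propertyTypeExtractor = null, ClassDiscriminatorResolverInterface $classDiscriminatorResolver = null, callable $objectClassResolver = null, array $defaultContext = [])
 {
 parent::__construct($classMetadataFactory, $nameConverter, $defaultContext);
+
+if (\array_key_exists(self::MAX_DEPTH_HANDLER, $this->defaultContext) && !\is_callable($this->defaultContext[self::MAX_DEPTH_HANDLER])) {
+throw new InvalidArgumentException(sprintf('The %s given in the default context is not callable.', self::MAX_DEPTH_HANDLER));
+}
+
 $this->defaultContext[self::EXCLUDE_FROM_CACHE_KEY] = [self::CIRCULAR_REFERENCE_LIMIT_COUNTERS];
 
 $this->propertyTypeExtractor = $propertyTypeExtractor;
@@ -86,7 +91,12 @@ public function normalize($object, $format = null, array $context = [])
 if (!isset($context['cache_key'])) {
 $context['cache_key'] = $this->getCacheKey($format, $context);
 }
+
 if (\array_key_exists(self::CALLBACKS, $context)) {
+if (!\is_array($context[self::CALLBACKS])) {
+throw new InvalidArgumentException('The callbacks context must be a array of callable.');
+}
+
 foreach ($context[self::CALLBACKS] as $attribute => $callback) {
 if (!\is_callable($callback)) {
 throw new InvalidArgumentException(sprintf('The callback given in the context for attribute "%s" is not callable.', $attribute));
@@ -105,6 +115,10 @@ public function normalize($object, $format = null, array $context = [])
 $attributesMetadata = $this->classMetadataFactory ? $this->classMetadataFactory->getMetadataFor($class)->getAttributesMetadata() : null;
 $maxDepthHandler = $context[self::MAX_DEPTH_HANDLER] ?? $this->defaultContext[self::MAX_DEPTH_HANDLER] ?? $this->maxDepthHandler;
 
+if (null !== $maxDepthHandler && !\is_callable($maxDepthHandler)) {
+throw new InvalidArgumentException(sprintf('The %s given in the context is not callable.', self::MAX_DEPTH_HANDLER));
+}
+
 foreach ($attributes as $attribute) {
 $maxDepthReached = false;
 if (null !== $attributesMetadata && ($maxDepthReached = $this->isMaxDepthReached($attributesMetadata, $class, $attribute, $context)) && !$maxDepthHandler) {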
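Review bot: The constructor guard tests `\array_key_exists(self::MAX_DEPTH_HANDLER, $this->defaultContext)`, so an explicit `null` entry in the default context now throws, whereas `normalize()` still treats null as "no handler" through the `??` chain and its `null !== $maxDepthHandler` test. The helper rewrite in ObjectNormalizerTest.php in this same commit appears to stop passing null for that reason, which suggests existing callers may be affected. `if (isset($this->defaultContext[self::MAX_DEPTH_HANDLER]) && !\is_callable($this->defaultContext[self::MAX_DEPTH_HANDLER])) {` would make both paths agree. In the third hunk the message says "given in the context" although the value can also come from the default context or `$this->maxDepthHandler`. Both methods continue outside the hunks shown.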

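--- a/src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
+++ b/src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
@@ -781,7 +781,11 @@ private function createNormalizerWithMaxDepthHandler(callable $handler = null, b
 $this->normalizer->setMaxDepthHandler($handler);
 }
 } else {
-$this->createNormalizer([ObjectNormalizer::MAX_DEPTH_HANDLER => $handler], $classMetadataFactory);
+$context = [];
+if (null !== $handler) {
+$context[ObjectNormalizer::MAX_DEPTH_HANDLER] = $handler;
+}
+$this->createNormalizer($context, $classMetadataFactory);
 }
 $this->serializer = new Serializer([$this->normalizer]);
 $this->normalizer->setSerializer($this->serializer);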
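Review bot: No test in this section exercises the new rejection paths; the only change adapts `createNormalizerWithMaxDepthHandler` so it no longer puts a null handler into the context. A case per guard, each calling `$this->expectException(InvalidArgumentException::class);` before constructing or normalizing with a non-array `callbacks` value or a non-callable `max_depth_handler`, would pin the behaviour. The helper starts and ends outside the hunk.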
