Skip to content

[Symfony/serializer] AbstractNormalizer must respect constructor access modifier when instantiates target object #30748

New issue
New issue
Closed
Closed
[Symfony/serializer] AbstractNormalizer must respect constructor access modifier when instantiates target object#30748
Labels
BugSerializerStatus: Needs Review
@dmitrii-t

Description

@dmitrii-t
dmitrii-t
opened on Mar 28, 2019

Symfony version(s) affected: 4.2

Description
When target class has private or protected modifier to __constuct function denormalizer tries to instantiate object and fails.

How to reproduce

<?php
require_once __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Serializer\Serializer;
use Symfony\Component\Serializer\Encoder\JsonEncoder;
use Symfony\Component\Serializer\Normalizer\PropertyNormalizer;

class Target {
    private $field;
    private function __construct(int $field)
    {
        $this->field = $field;
    }
}

$serializer = new Serializer(
    [new PropertyNormalizer()],
    [new JsonEncoder()]
);

$serializer->deserialize('{"field": 5}', Target::class, 'json');

Possible Solution
Add a check whether constructor is public or return instance created without constructor otherwise.

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSerializerStatus: Needs Review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions