class PharMetaDataInterceptor in Drupal 7
@internal Experimental implementation of checking against serialized objects in Phar meta-data
@internal This functionality has not been 100% pentested...
Hierarchy
- class \TYPO3\PharStreamWrapper\Interceptor\PharMetaDataInterceptor implements Assertable
File
- misc/typo3/phar-stream-wrapper/src/Interceptor/PharMetaDataInterceptor.php, line 24
Namespace
TYPO3\PharStreamWrapper\Interceptor
class PharMetaDataInterceptor implements Assertable {

  /**
   * Determines whether the according Phar archive contains
   * (potential insecure) serialized objects.
   *
   * @param string $path
   * @param string $command
   * @return bool
   * @throws Exception
   */
  public function assert($path, $command) {
    if ($this->baseFileDoesNotHaveMetaDataIssues($path)) {
      return true;
    }
    throw new Exception(sprintf('Problematic meta-data in "%s"', $path), 1539632368);
  }

  /**
   * @param string $path
   * @return bool
   */
  private function baseFileDoesNotHaveMetaDataIssues($path) {
    $invocation = Manager::instance()->resolve($path);
    if ($invocation === null) {
      return false;
    }
    // directly return in case invocation was checked before
    if ($invocation->getVariable(__CLASS__) === true) {
      return true;
    }
    // otherwise analyze meta-data
    try {
      $reader = new Reader($invocation->getBaseName());
      $reader->resolveContainer()
        ->getManifest()
        ->deserializeMetaData();
      $invocation->setVariable(__CLASS__, true);
    } catch (DeserializationException $exception) {
      return false;
    }
    return true;
  }

}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
PharMetaDataInterceptor::assert | public | function | Determines whether the according Phar archive contains (potential insecure) serialized objects. | Overrides Assertable::assert |
PharMetaDataInterceptor::baseFileDoesNotHaveMetaDataIssues | private | function | | |
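The same kind of check can be run offline against a file before it is ever opened through `phar://`. The following Python example is added here and is not part of the TYPO3 or Drupal code; it assumes a native, uncompressed Phar (not tar- or zip-based), and its function names and the byte-pattern test for `O:`/`C:` tokens are this example's own choices, not the library's deserialization logic. Like the interceptor, it fails closed when the manifest cannot be read.

```python
import re
import struct

# End of the PHP stub; the binary manifest of a native Phar starts right after it.
HALT = re.compile(rb"__HALT_COMPILER\(\);(?: ?\?>)?(?:\r?\n)?")
# serialize() markers for objects: O:<len>:"Class" and C:<len>:"Class".
# Matched anywhere, so a plain string containing such a marker is also rejected.
OBJECT_TOKEN = re.compile(rb'[OC]:\+?\d+:"')


def read_phar_metadata(data: bytes) -> bytes:
    """Return the raw serialized meta-data blob from a native Phar manifest."""
    stub_end = HALT.search(data)
    if stub_end is None:
        raise ValueError("no __HALT_COMPILER(); stub terminator found")
    pos = stub_end.end()
    try:
        # manifest length, file count, API version, global flags, alias length
        manifest_len, _, _, _, alias_len = struct.unpack_from("<IIHII", data, pos)
        manifest_end = pos + 4 + manifest_len
        pos += 18 + alias_len  # skip the fixed header and the alias string
        (meta_len,) = struct.unpack_from("<I", data, pos)
    except struct.error as exc:
        raise ValueError("truncated manifest header") from exc
    pos += 4
    if pos + meta_len > min(manifest_end, len(data)):
        raise ValueError("meta-data length exceeds manifest")
    return data[pos:pos + meta_len]


def metadata_is_safe(data: bytes) -> bool:
    """False when meta-data holds a serialized object or cannot be parsed."""
    try:
        return OBJECT_TOKEN.search(read_phar_metadata(data)) is None
    except ValueError:
        return False


def build_sample_phar(metadata: bytes) -> bytes:
    """Constructed test input: stub plus a manifest with zero file entries."""
    body = struct.pack("<IHII", 0, 0x1100, 0, 0)  # files, API, flags, alias length
    body += struct.pack("<I", len(metadata)) + metadata
    return b"<?php __HALT_COMPILER(); ?>\r\n" + struct.pack("<I", len(body)) + body


if __name__ == "__main__":
    print(metadata_is_safe(build_sample_phar(b'a:1:{s:4:"name";s:4:"demo";}')))
    print(metadata_is_safe(build_sample_phar(b'O:8:"stdClass":0:{}')))
```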