class PharMetaDataInterceptor
@internal Experimental implementation of checking against serialized objects in Phar meta-data @internal This functionality has not been 100% pentested...
Hierarchy
- class \TYPO3\PharStreamWrapper\Interceptor\PharMetaDataInterceptor implements \TYPO3\PharStreamWrapper\Assertable
Expanded class hierarchy of PharMetaDataInterceptor
File
-
misc/
typo3/ phar-stream-wrapper/ src/ Interceptor/ PharMetaDataInterceptor.php, line 24
Namespace
TYPO3\PharStreamWrapper\InterceptorView source
class PharMetaDataInterceptor implements Assertable {
/**
* Determines whether the according Phar archive contains
* (potential insecure) serialized objects.
*
* @param string $path
* @param string $command
* @return bool
* @throws Exception
*/
public function assert($path, $command) {
if ($this->baseFileDoesNotHaveMetaDataIssues($path)) {
return true;
}
throw new Exception(sprintf('Problematic meta-data in "%s"', $path), 1539632368);
}
/**
* @param string $path
* @return bool
*/
private function baseFileDoesNotHaveMetaDataIssues($path) {
$invocation = Manager::instance()->resolve($path);
if ($invocation === null) {
return false;
}
// directly return in case invocation was checked before
if ($invocation->getVariable(__CLASS__) === true) {
return true;
}
// otherwise analyze meta-data
try {
$reader = new Reader($invocation->getBaseName());
$reader->resolveContainer()
->getManifest()
->deserializeMetaData();
$invocation->setVariable(__CLASS__, true);
} catch (DeserializationException $exception) {
return false;
}
return true;
}
}Members
| Title Sort descending | Modifiers | Object type | Summary | Overriden Title |
|---|---|---|---|---|
| PharMetaDataInterceptor::assert | public | function | Determines whether the according Phar archive contains (potential insecure) serialized objects. |
Overrides Assertable::assert |
| PharMetaDataInterceptor::baseFileDoesNotHaveMetaDataIssues | private | function |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.