Commit 08f06640 authored by totten's avatar totten Committed by Seamus Lee

Harden against serialization vulnerabilities (#46)

parent a31969fb
......@@ -102,4 +102,24 @@ class CRM_Utils_AutoClean {
\Civi\Core\Resolver::singleton()->call($this->callback, $this->args);
}
/**
* Prohibit (de)serialization of CRM_Utils_AutoClean.
*
* The generic nature of AutoClean makes it a potential target for escalating
* serialization vulnerabilities, and there's no good reason for serializing it.
*/
public function __sleep() {
throw new \RuntimeException("CRM_Utils_AutoClean is a runtime helper. It is not intended for serialization.");
}
/**
* Prohibit (de)serialization of CRM_Utils_AutoClean.
*
* The generic nature of AutoClean makes it a potential target for escalating
* serialization vulnerabilities, and there's no good reason for deserializing it.
*/
public function __wakeup() {
throw new \RuntimeException("CRM_Utils_AutoClean is a runtime helper. It is not intended for deserialization.");
}
}
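Review bot: The new `__sleep()`/`__wakeup()` guards refuse (de)serialization, but the sink itself, `\Civi\Core\Resolver::singleton()->call($this->callback, $this->args);` at the top of the hunk, is unchanged; it sits in a method that starts outside the hunk, presumably the destructor. Whether that method still runs for an object whose `__wakeup()` threw, or for which `__wakeup()` was never invoked, depends on the PHP runtime. A regression test on the oldest supported PHP version would settle it: pass a serialized AutoClean string to `unserialize()` and assert both that it throws and that the callback is never called. On PHP 7.4+ the refusal could also be declared through the newer hooks, e.g. `public function __unserialize(array $data) { throw new \RuntimeException(...); }` with a matching `__serialize()`. The two docblocks are near-identical and could each name only the direction they block.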