From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Wed, 28 Nov 2018 15:25:01 +0000 (-0500)
Subject: Message: Throw if given invalid serialized data
X-Git-Tag: 1.34.0-rc.0~3399^2
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/ajouter.php?a=commitdiff_plain;h=e2f2da74f2fc798aaa6e70a74e111a1953255790;p=lhc%2Fweb%2Fwiklou.git

Message: Throw if given invalid serialized data

Instead of silently winding up with a bogus Message object having most
fields invalidly set to null, just throw an exception.

Bug: T210528
Change-Id: I79313f8acf3ebb1ef12dac30c362aa10c715f40b
---

diff --git a/includes/Message.php b/includes/Message.php
index 3bd775537f..7dd22c7cea 100644
--- a/includes/Message.php
+++ b/includes/Message.php
@@ -300,6 +300,10 @@ class Message implements MessageSpecifier, Serializable {
 	 */
 	public function unserialize( $serialized ) {
 		$data = unserialize( $serialized );
+		if ( !is_array( $data ) ) {
+			throw new InvalidArgumentException( __METHOD__ . ': Invalid serialized data' );
+		}
+
 		$this->interface = $data['interface'];
 		$this->key = $data['key'];
 		$this->keysToTry = $data['keysToTry'];