From facfe5370244cf65f36a437c4f9d8b0504953edc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laurent=20L=C3=A9cluse?= <laurent.lecluse@unicaen.fr>
Date: Thu, 13 Apr 2023 14:54:03 +0200
Subject: [PATCH] =?UTF-8?q?Contr=C3=B4le=20de=20pr=C3=A9vention=20de=20bou?=
 =?UTF-8?q?cles=20infinies=20pour=20l'Extractor?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Suppression de l'utilisation des __toString, trop "magique"
---
 src/Axios/AxiosExtractor.php | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/Axios/AxiosExtractor.php b/src/Axios/AxiosExtractor.php
index 8eaa0ba..d1f8d0e 100644
--- a/src/Axios/AxiosExtractor.php
+++ b/src/Axios/AxiosExtractor.php
@@ -7,6 +7,8 @@ use Doctrine\ORM\Query;
 
 class AxiosExtractor
 {
+    public static $loopControl = 50;
+
     const DATETIME_FORMAT = 'Y-m-d\TH:i:s.u\Z'; // timestamp ISO 8601 pour HTML5
 
     protected array $triggers = [];
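Review bot: `$loopControl` is added as an untyped, public, mutable static, so any code in the process can assign it a non-integer or a zero/negative value, and the depth guard in `extractObject` would then either never fire or fire on every call. Since the class already uses typed properties (`protected array $triggers`), declare it as `public static int $loopControl = 50;`. Add a one-line docblock such as `/** Maximum nesting depth extractObject() will follow before aborting. */` so the limit's meaning and unit are documented where it is set.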
@@ -53,6 +55,12 @@ class AxiosExtractor
 
     protected function extractObject($data, array $properties, string $path = ''): array
     {
+        // contrôle de boucle récursive, afin de ne pas saturer la mémoire...
+        if (substr_count($path, '/') >= self::$loopControl){
+            //return [];
+            throw new \Exception("AxiosExtractor has detected a possible infinite loop, and aborted your script with a stack depth of '".self::$loopControl."' frames");
+        }
+
         $result = [];
 
         $props = ['id'];
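Review bot: The guard measures depth as `substr_count($path, '/')`, so it bounds recursion only if every nested call appends exactly one `/`-separated segment to `$path` and no property name contains `/` itself. The code that builds `$path` lies outside this hunk, so that assumption should be confirmed or replaced by an explicit depth counter. The abort is raised as a bare `\Exception`, which callers cannot tell apart from any other failure; a narrower SPL type, e.g. `throw new \RuntimeException(...)`, stays compatible with existing `catch (\Exception)` blocks while letting callers handle the limit specifically. The message reports a "stack depth" in "frames" although the value compared is path depth, and the leftover `//return [];` should be removed so the intended behaviour (fail loudly rather than truncate silently) is unambiguous.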
@@ -64,10 +72,6 @@ class AxiosExtractor
                         $props[] = $prop;
                     }
                 }
-            } else {
-                if (method_exists($data, '__toString')) {
-                    $props[] = '__toString';
-                }
             }
         } else {
             foreach ($properties as $prop) {
@@ -100,11 +104,6 @@ class AxiosExtractor
             }
         }
 
-        if (array_key_exists('__toString', $result)) {
-            $result['libelle'] = $result['__toString'];
-            unset($result['__toString']);
-        }
-
         return $result;
     }
 
-- 
GitLab