Skip to content

Commit d35d4a3

Browse files
xabbuhxabbuh
committed
properly handle invalid data for false/true types
1 parent 8ed9bb0 commit d35d4a3

File tree

2 files changed

+84
-5
lines changed

2 files changed

+84
-5
lines changed

src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php

Lines changed: 27 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -621,12 +621,34 @@ private function validateAndDenormalize(array $types, string $currentClass, stri
621621
return (float) $data;
622622
}
623623

624-
if (Type::BUILTIN_TYPE_FALSE === $builtinType && false === $data) {
625-
return $data;
626-
}
624+
switch ($builtinType) {
625+
case Type::BUILTIN_TYPE_ARRAY:
626+
case Type::BUILTIN_TYPE_BOOL:
627+
case Type::BUILTIN_TYPE_CALLABLE:
628+
case Type::BUILTIN_TYPE_FLOAT:
629+
case Type::BUILTIN_TYPE_INT:
630+
case Type::BUILTIN_TYPE_ITERABLE:
631+
case Type::BUILTIN_TYPE_NULL:
632+
case Type::BUILTIN_TYPE_OBJECT:
633+
case Type::BUILTIN_TYPE_RESOURCE:
634+
case Type::BUILTIN_TYPE_STRING:
635+
if (('is_'.$builtinType)($data)) {
636+
return $data;
637+
}
638+
639+
break;
640+
case Type::BUILTIN_TYPE_FALSE:
641+
if (false === $data) {
642+
return $data;
643+
}
644+
645+
break;
646+
case Type::BUILTIN_TYPE_TRUE:
647+
if (true === $data) {
648+
return $data;
649+
}
627650

628-
if (('is_'.$builtinType)($data)) {
629-
return $data;
651+
break;
630652
}
631653
} catch (NotNormalizableValueException $e) {
632654
if (!$isUnionType && !$isNullable) {

src/Symfony/Component/Serializer/Tests/Normalizer/AbstractObjectNormalizerTest.php

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -687,6 +687,26 @@ protected function setAttributeValue(object $object, string $attribute, $value,
687687

688688
$this->assertSame('scalar', $normalizer->denormalize('scalar', XmlScalarDummy::class, 'xml')->value);
689689
}
690+
691+
/**
692+
* @dataProvider provideBooleanTypesData
693+
*/
694+
public function testDenormalizeBooleanTypesWithNotMatchingData(array $data, string $type)
695+
{
696+
$normalizer = new AbstractObjectNormalizerWithMetadataAndPropertyTypeExtractors();
697+
698+
$this->expectException(NotNormalizableValueException::class);
699+
700+
$normalizer->denormalize($data, $type);
701+
}
702+
703+
public function provideBooleanTypesData()
704+
{
705+
return [
706+
[['foo' => true], FalsePropertyDummy::class],
707+
[['foo' => false], TruePropertyDummy::class],
708+
];
709+
}
690710
}
691711

692712
class AbstractObjectNormalizerDummy extends AbstractObjectNormalizer
@@ -816,6 +836,18 @@ class XmlScalarDummy
816836
public $value;
817837
}
818838

839+
class FalsePropertyDummy
840+
{
841+
/** @var false */
842+
public $foo;
843+
}
844+
845+
class TruePropertyDummy
846+
{
847+
/** @var true */
848+
public $foo;
849+
}
850+
819851
class SerializerCollectionDummy implements SerializerInterface, DenormalizerInterface
820852
{
821853
private $normalizers;
@@ -936,3 +968,28 @@ public function __sleep(): array
936968
throw new \Error('not serializable');
937969
}
938970
}
971+
972+
class AbstractObjectNormalizerWithMetadataAndPropertyTypeExtractors extends AbstractObjectNormalizer
973+
{
974+
public function __construct()
975+
{
976+
parent::__construct(new ClassMetadataFactory(new AnnotationLoader()), null, new PropertyInfoExtractor([], [new PhpDocExtractor(), new ReflectionExtractor()]));
977+
}
978+
979+
protected function extractAttributes(object $object, ?string $format = null, array $context = []): array
980+
{
981+
return [];
982+
}
983+
984+
protected function getAttributeValue(object $object, string $attribute, ?string $format = null, array $context = [])
985+
{
986+
return null;
987+
}
988+
989+
protected function setAttributeValue(object $object, string $attribute, $value, ?string $format = null, array $context = []): void
990+
{
991+
if (property_exists($object, $attribute)) {
992+
$object->$attribute = $value;
993+
}
994+
}
995+
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy