Skip to content

Commit f82232a

Browse files
bdalsassbdalsass
committed
N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to unsafe deserialization
1 parent 44829e9 commit f82232a

File tree

2 files changed

+128
-128
lines changed

2 files changed

+128
-128
lines changed

lib/composer/InstalledVersions.php

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,12 @@
2626
*/
2727
class InstalledVersions
2828
{
29+
/**
30+
* @var string|null if set (by reflection by Composer), this should be set to the path where this class is being copied to
31+
* @internal
32+
*/
33+
private static $selfDir = null;
34+
2935
/**
3036
* @var mixed[]|null
3137
* @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
@@ -322,6 +328,18 @@ public static function reload($data)
322328
self::$installedIsLocalDir = false;
323329
}
324330

331+
/**
332+
* @return string
333+
*/
334+
private static function getSelfDir()
335+
{
336+
if (self::$selfDir === null) {
337+
self::$selfDir = strtr(__DIR__, '\\', '/');
338+
}
339+
340+
return self::$selfDir;
341+
}
342+
325343
/**
326344
* @return array[]
327345
* @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
@@ -336,7 +354,7 @@ private static function getInstalled()
336354
$copiedLocalDir = false;
337355

338356
if (self::$canGetVendors) {
339-
$selfDir = strtr(__DIR__, '\\', '/');
357+
$selfDir = self::getSelfDir();
340358
foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
341359
$vendorDir = strtr($vendorDir, '\\', '/');
342360
if (isset(self::$installedByVendor[$vendorDir])) {

0 commit comments

Comments
 (0)