test/hyperf
1
0
Fork 0
mirror of https://gitee.com/hyperf/hyperf.git synced 2024-11-30 02:37:58 +08:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity

Fixed bug that RequiredIf can be exploited to generate gadget chains for deserialization vulnerabiltiies. (#3724)

Browse Source
This commit is contained in:
黄朝晖 2021-06-23 08:33:27 +08:00 committed by GitHub
parent 4f2fa87eb9
commit bafefe8022
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG-2.1.md
View File

@ -3,6 +3,7 @@
## Security
- [#3723](https://github.com/hyperf/hyperf/pull/3723) Fixed the active_url rule for validation in input fails to correctly check dns record with dns_get_record resulting in bypassing the validation.
- [#3724](https://github.com/hyperf/hyperf/pull/3724) Fixed bug that `RequiredIf` can be exploited to generate gadget chains for deserialization vulnerabiltiies.
## Fixed

6
src/validation/src/Rules/RequiredIf.php
View File

@ -11,6 +11,8 @@ declare(strict_types=1);
*/
namespace Hyperf\Validation\Rules;
use InvalidArgumentException;
class RequiredIf
{
/**
@ -27,7 +29,11 @@ class RequiredIf
*/
public function __construct($condition)
{
if (! is_string($condition)) {
$this->condition = $condition;
} else {
throw new InvalidArgumentException('The provided condition must be a callable or boolean.');
}
}
/**