[5.2] Harden FormattedTextLogger against object injection attacks (joomla#44428)

Author: SniperSister

libraries/src/Log/Logger/FormattedtextLogger.php

@@ -144,6 +144,20 @@ public function __destruct()
         }
     }
 
+    /**
+     * Prevent object injection attacks by suppressing unserialization of instance with deferred rows
+     *
+     * @since  __DEPLOY_VERSION__
+     *
+     * @throws \Exception
+     */
+    public function __wakeup()
+    {
+        if ($this->defer && !empty($this->deferredEntries)) {
+            throw new \RuntimeException('Can not unserialize in defer mode');
+        }
+    }
+
     /**
      * Method to add an entry to the log.
      *