Dont allow unserializing classes with a destructor - 5.2

jderusse · jderusse · commit 891797cde5a9 · 2020-12-15T11:45:32.000+01:00
diff --git a/Response/CommonResponseTrait.php b/Response/CommonResponseTrait.php
@@ -127,6 +127,16 @@ public function toStream(bool $throw = true)
         return $stream;
     }
 
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     /**
      * Closes the response and all its network handles.
      */
diff --git a/Response/TraceableResponse.php b/Response/TraceableResponse.php
@@ -44,6 +44,16 @@ public function __construct(HttpClientInterface $client, ResponseInterface $resp
         $this->event = $event;
     }
 
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     public function __destruct()
     {
         try {
