
Commit 0cb2d7c

committed
When unserializing CDbCriteria, check if $params is an array to prevent object Injection
1 parent cea893f commit 0cb2d7c


1 file changed

+12
-9
lines changed


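--- a/framework/db/schema/CDbCriteria.php
+++ b/framework/db/schema/CDbCriteria.php
@@ -168,18 +168,21 @@ public function __wakeup()
 {
 $map=array();
 $params=array();
-foreach($this->params as $name=>$value)
+if(is_array($this->params))
 {
-if(strpos($name,self::PARAM_PREFIX)===0)
+foreach($this->params as $name=>$value)
 {
-$newName=self::PARAM_PREFIX.self::$paramCount++;
-$map[$name]=$newName;
-}
-else
-{
-$newName=$name;
+if(strpos($name,self::PARAM_PREFIX)===0)
+{
+$newName=self::PARAM_PREFIX.self::$paramCount++;
+$map[$name]=$newName;
+}
+else
+{
+$newName=$name;
+}
+$params[$newName]=$value;
 }
-$params[$newName]=$value;
 }
 if (!empty($map))
 {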
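Review bot: The new `is_array($this->params)` guard in `__wakeup()` carries no comment explaining why it is there, and it validates only the container: every `$value` is still copied into `$params` unchecked, so an object nested inside an otherwise valid array survives the wakeup. I would add `// params comes from unserialized data: iterate only a genuine array, never an object` above the `if`, so the check is not removed later as redundant. If bound parameters are only ever scalars or null (worth confirming against callers), the loop could also skip anything else with `if($value!==null && !is_scalar($value)) continue;`. The rest of `__wakeup()` lies outside this hunk, so it is not visible whether `$this->params` is overwritten with the rebuilt `$params` when the guard fails; it should be, so that a non-array value does not stay on the object. This remains a narrow mitigation, and serialized criteria from untrusted sources are best not passed to `unserialize()` at all.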
