X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FUtils%2FAutoClean.php;h=c2c21dc1849a2222fced03049b4d99de5f7a1afa;hb=1af6842deebba55c837043f69a1a8f06d710e497;hp=c6cd890074f3c79e6eb4830b6dbbae367d4a49bb;hpb=ef444b4a23f83a38d8362eb66cd1b06071a7cd1c;p=civicrm-core.git
diff --git a/CRM/Utils/AutoClean.php b/CRM/Utils/AutoClean.php
index c6cd890074..c2c21dc184 100644
--- a/CRM/Utils/AutoClean.php
+++ b/CRM/Utils/AutoClean.php
@@ -3,7 +3,7 @@
 +--------------------------------------------------------------------+
 | CiviCRM version 5 |
 +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2018 |
+ | Copyright CiviCRM LLC (c) 2004-2019 |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM. |
 | |
@@ -28,7 +28,7 @@
 /**
 *
 * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2018
+ * @copyright CiviCRM LLC (c) 2004-2019
 */
 /**
@@ -87,13 +87,13 @@ class CRM_Utils_AutoClean {
 public static function swap($getter, $setter, $tmpValue) {
 $resolver = \Civi\Core\Resolver::singleton();
- $origValue = $resolver->call($getter, array());
+ $origValue = $resolver->call($getter, []);
 $ac = new CRM_Utils_AutoClean();
 $ac->callback = $setter;
- $ac->args = array($origValue);
+ $ac->args = [$origValue];
- $resolver->call($setter, array($tmpValue));
+ $resolver->call($setter, [$tmpValue]);
 return $ac;
 }
@@ -102,4 +102,24 @@ class CRM_Utils_AutoClean {
 \Civi\Core\Resolver::singleton()->call($this->callback, $this->args);
 }
+ /**
+ * Prohibit (de)serialization of CRM_Utils_AutoClean.
+ *
+ * The generic nature of AutoClean makes it a potential target for escalating
+ * serialization vulnerabilities, and there's no good reason for serializing it.
+ */
+ public function __sleep() {
+ throw new \RuntimeException("CRM_Utils_AutoClean is a runtime helper. It is not intended for serialization.");
+ }
+ /**
+ * Prohibit (de)serialization of CRM_Utils_AutoClean.
+ *
+ * The generic nature of AutoClean makes it a potential target for escalating
+ * serialization vulnerabilities, and there's no good reason for deserializing it.
+ */
+ public function __wakeup() {
+ throw new \RuntimeException("CRM_Utils_AutoClean is a runtime helper. It is not intended for deserialization.");
+ }
+
 }
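Review bot: The `Resolver::singleton()->call($this->callback, $this->args)` line in the context above the additions stays unconditional, so the new `__wakeup()` guard protects only as long as the engine always runs `__wakeup()` on unserialize and then skips the destructor of the object it rejected; neither is enforced by this class, and older PHP releases have had cases where `__wakeup()` was not run for malformed input. I would state the supported PHP floor in the docblock and add a regression test asserting that `unserialize()` of a `CRM_Utils_AutoClean` payload throws `\RuntimeException` without the callback being invoked. Both docblocks should also carry `@throws \RuntimeException`, and the second summary line could read `Prohibit deserialization of CRM_Utils_AutoClean.` so the two are distinguishable. The method containing the `call()` line starts outside this hunk; it is presumably the destructor.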