Contrib.social

MapItem unserialize function in setValue method should allow TranslatableMarkup class

Open on Drupal.org →
Created on 2 April 2019, over 5 years ago
Updated 30 January 2023, almost 2 years ago

In SA-CORE-2019-003 code below was introduced in MapItem.php and introduced a bug which throws fatal errors because of incomplete object which previously worked.

if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
    $values = unserialize($values, ['allowed_classes' => FALSE]);
}
else {
  $values = unserialize($values);
}

if class is passed like for example in commerce logs.
https://www.drupal.org/forum/support/post-installation/2019-02-28/fatal-... .

Returns fatal error like below.
Fatal error: method_exists(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Drupal\Core\StringTranslation\TranslatableMarkup" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide an autoloader to load the class definition in ...

I think we can allow TranslateableMarkup here on the list of allowed classes as it is considered that
"Strings sanitized by t() are automatically marked safe" as listed here

This would solve issues below:
https://www.drupal.org/project/commerce/issues/3040333#comment-13022686
https://www.drupal.org/forum/support/post-installation/2019-02-28/fatal-... .

Providing patch for this.

🐛 Bug report
Status

Needs work

Version

10.1

Component
Field 

Last updated 6 days ago

Created by

🇭🇷Croatia xSDx

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment almost 2 years ago
    needs-review-queue-bot

    The Needs Review Queue Bot tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

    Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.

    Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024