Skip to content

Disable deserialization in FilteredIterator#421

Merged
schlessera merged 1 commit into
WordPress:masterfrom
SergeyBiryukov:disable-deserialization
Nov 3, 2020
Merged

Disable deserialization in FilteredIterator#421
schlessera merged 1 commit into
WordPress:masterfrom
SergeyBiryukov:disable-deserialization

Conversation

@SergeyBiryukov
Copy link
Copy Markdown
Member

@SergeyBiryukov SergeyBiryukov commented Nov 1, 2020
edited
Loading

WordPress 5.5.2 included a security fix to disable deserialization in Requests_Utility_FilteredIterator:
https://core.trac.wordpress.org/changeset/49373

This PR aims to merge that change upstream.

@codecov-io
Copy link
Copy Markdown

codecov-io commented Nov 1, 2020

Codecov Report

Merging #421 into master will decrease coverage by 0.26%.
The diff coverage is 0.00%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master     #421      +/-   ##
============================================
- Coverage     93.32%   93.06%   -0.27%     
- Complexity      761      764       +3     
============================================
  Files            21       21              
  Lines          1784     1788       +4     
============================================
- Hits           1665     1664       -1     
- Misses          119      124       +5
Impacted Files Coverage Δ Complexity Δ
library/Requests/Utility/FilteredIterator.php 63.63% <0.00%> (-36.37%) 5.00 <3.00> (+3.00) ⬇️
library/Requests/Transport/fsockopen.php 94.35% <0.00%> (-0.57%) 69.00% <0.00%> (ø%)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9da3478...3f2da97. Read the comment docs.

@jrfnl
Copy link
Copy Markdown
Member

jrfnl commented Nov 2, 2020

Hi @SergeyBiryukov Thanks for the PR. Could a test be added to verify the behaviour of this fix ? And possibly to disclose the issue (privately) in more detail ?

whyisjake added a commit to whyisjake/Requests that referenced this pull request Nov 2, 2020
@whyisjake
Tests added for WordPress#421
21c6640 
This is just an extension, with some tests from WordPress core.
@whyisjake whyisjake mentioned this pull request Nov 2, 2020
Merged
schlessera added a commit that referenced this pull request Nov 3, 2020
@schlessera
Merge pull request #422 from whyisjake/fix/421
3d60d5c 
Tests added for #421
@schlessera schlessera added this to the 1.7.1 milestone Nov 3, 2020
@schlessera schlessera merged commit 549e3fd into WordPress:master Nov 3, 2020
@renovate renovate Bot mentioned this pull request Mar 7, 2022
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@schlessera schlessera schlessera approved these changes

Assignees

No one assigned

Labels

Type: testing/chores/QA

Projects

None yet

Milestone

1.8.0

Development

Successfully merging this pull request may close these issues.

4 participants

@SergeyBiryukov @codecov-io @jrfnl @schlessera