Disable deserialization in FilteredIterator #421

Merged

@SergeyBiryukov SergeyBiryukov commented Nov 1, 2020

WordPress 5.5.2 included a security fix to disable deserialization in Requests_Utility_FilteredIterator:
https://core.trac.wordpress.org/changeset/49373

This PR aims to merge that change upstream.

@codecov-io

Codecov Report

Merging #421 into master will decrease coverage by 0.26%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##             master     #421      +/-   ##
============================================
- Coverage     93.32%   93.06%   -0.27%     
- Complexity      761      764       +3     
============================================
  Files            21       21              
  Lines          1784     1788       +4     
============================================
- Hits           1665     1664       -1     
- Misses          119      124       +5     

| Impacted Files | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| library/Requests/Utility/FilteredIterator.php | 63.63% <0.00%> (-36.37%) | 5.00 <3.00> (+3.00) | ⬇️ |
| library/Requests/Transport/fsockopen.php | 94.35% <0.00%> (-0.57%) | 69.00% <0.00%> (ø%) | |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 9da3478...3f2da97.

@jrfnl

jrfnl commented Nov 2, 2020

Hi @SergeyBiryukov, thanks for the PR. Could a test be added to verify the behaviour of this fix? And possibly to disclose the issue (privately) in more detail?

whyisjake added a commit to whyisjake/Requests that referenced this pull request Nov 2, 2020
This is just an extension, with some tests from WordPress core.
@whyisjake whyisjake mentioned this pull request Nov 2, 2020
schlessera added a commit that referenced this pull request Nov 3, 2020