Merge branch '2.17'

PHP-CS-Fixer · Jan 15, 2021 · 4aee7b6 · 4aee7b6
2 parents f637aea + eef9742
commit 4aee7b6
Show file tree

Hide file tree

Showing 6 changed files with 89 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -87,6 +87,7 @@ jobs:
           tools: flex
         env:
           fail-fast: false # disabled as old PHP version cannot run flex
+          update: ${{ matrix.php-version == '8.0' }} # force update to 8.0.1+, ref https://github.com/shivammathur/setup-php/issues/394#issuecomment-760461251
 
       - name: Get Composer cache directory
         id: composer-cache

diff --git a/php-cs-fixer b/php-cs-fixer
@@ -25,6 +25,14 @@ if (defined('HHVM_VERSION_ID')) {
     }
 } elseif (!defined('PHP_VERSION_ID') || \PHP_VERSION_ID < 50600 || \PHP_VERSION_ID >= 70500) {
     fwrite(STDERR, "PHP needs to be a minimum version of PHP 5.6.0 and maximum version of PHP 7.4.*.\n");
+    fwrite(STDERR, 'Current PHP version: '.PHP_VERSION.".\n");
+
+    if (defined('PHP_VERSION_ID') && \PHP_VERSION_ID === 80000) {
+        fwrite(STDERR, "PHP CS Fixer is not able run on PHP 8.0.0 due to bug in PHP tokenizer (https://bugs.php.net/bug.php?id=80462).\n");
+        fwrite(STDERR, "Update PHP version to unblock execution.\n");
+
+        exit(1);
+    }
 
     if (getenv('PHP_CS_FIXER_IGNORE_ENV')) {
         fwrite(STDERR, "Ignoring environment requirements because `PHP_CS_FIXER_IGNORE_ENV` is set. Execution may be unstable.\n");

diff --git a/src/Cache/FileCacheManager.php b/src/Cache/FileCacheManager.php
@@ -77,6 +77,26 @@ public function __destruct()
         $this->writeCache();
     }
 
+    /**
+     * This class is not intended to be serialized,
+     * and cannot be deserialized (see __wakeup method).
+     */
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    /**
+     * Disable the deserialization of the class to prevent attacker executing
+     * code by leveraging the __destruct method.
+     *
+     * @see https://owasp.org/www-community/vulnerabilities/PHP_Object_Injection
+     */
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     public function needFixing($file, $fileContent)
     {
         $file = $this->cacheDirectory->getRelativePathTo($file);

diff --git a/src/Console/Output/ProcessOutput.php b/src/Console/Output/ProcessOutput.php
@@ -91,6 +91,26 @@ public function __destruct()
         $this->eventDispatcher->removeListener(FixerFileProcessedEvent::NAME, [$this, 'onFixerFileProcessed']);
     }
 
+    /**
+     * This class is not intended to be serialized,
+     * and cannot be deserialized (see __wakeup method).
+     */
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    /**
+     * Disable the deserialization of the class to prevent attacker executing
+     * code by leveraging the __destruct method.
+     *
+     * @see https://owasp.org/www-community/vulnerabilities/PHP_Object_Injection
+     */
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     public function onFixerFileProcessed(FixerFileProcessedEvent $event)
     {
         if (

diff --git a/src/FileRemoval.php b/src/FileRemoval.php
@@ -39,6 +39,26 @@ public function __destruct()
         $this->clean();
     }
 
+    /**
+     * This class is not intended to be serialized,
+     * and cannot be deserialized (see __wakeup method).
+     */
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    /**
+     * Disable the deserialization of the class to prevent attacker executing
+     * code by leveraging the __destruct method.
+     *
+     * @see https://owasp.org/www-community/vulnerabilities/PHP_Object_Injection
+     */
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     /**
      * Adds a file to be removed.
      *

diff --git a/src/Linter/ProcessLinter.php b/src/Linter/ProcessLinter.php
@@ -83,6 +83,26 @@ public function __destruct()
         }
     }
 
+    /**
+     * This class is not intended to be serialized,
+     * and cannot be deserialized (see __wakeup method).
+     */
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    /**
+     * Disable the deserialization of the class to prevent attacker executing
+     * code by leveraging the __destruct method.
+     *
+     * @see https://owasp.org/www-community/vulnerabilities/PHP_Object_Injection
+     */
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     /**
      * {@inheritdoc}
      */