fix(jsonld): mitigate #6465 (#6469)
soyuka authored Jul 15, 2024
1 parent dee6471 commit ffb4ad3
Showing 1 changed file with 12 additions and 11 deletions.
23 changes: 12 additions & 11 deletions src/Serializer/AbstractItemNormalizer.php
Expand Up @@ -141,9 +141,7 @@ public function normalize(mixed $object, ?string $format = null, array $context
// Never remove this, with `application/json` we don't use our AbstractCollectionNormalizer and we need
// to remove the collection operation from our context or we'll introduce security issues
if (isset($context['operation']) && $context['operation'] instanceof CollectionOperationInterface) {
unset($context['operation_name']);
unset($context['operation']);
unset($context['iri']);
unset($context['operation_name'], $context['operation'], $context['iri']);
}

if ($this->resourceClassResolver->isResourceClass($resourceClass)) {
Expand Down Expand Up @@ -176,8 +174,7 @@ public function normalize(mixed $object, ?string $format = null, array $context
$data = parent::normalize($object, $format, $context);

$context['data'] = $data;
unset($context['property_metadata']);
unset($context['api_attribute']);
unset($context['property_metadata'], $context['api_attribute']);

if ($emptyResourceAsIri && \is_array($data) && 0 === \count($data)) {
$context['data'] = $iri;
Expand Down Expand Up @@ -761,6 +758,7 @@ protected function getAttributeValue(object $object, string $attribute, ?string
unset(
$context['resource_class'],
$context['force_resource_class'],
$context['uri_variables'],
);

// Anonymous resources
Expand Down Expand Up @@ -791,8 +789,11 @@ protected function getAttributeValue(object $object, string $attribute, ?string
throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', NormalizerInterface::class));
}

unset($context['resource_class']);
unset($context['force_resource_class']);
unset(
$context['resource_class'],
$context['force_resource_class'],
$context['uri_variables']
);

$attributeValue = $this->propertyAccessor->getValue($object, $attribute);

Expand Down Expand Up @@ -850,8 +851,7 @@ protected function normalizeRelation(ApiProperty $propertyMetadata, ?object $rel
$context['iri'] = $iri = $this->iriConverter->getIriFromResource(resource: $relatedObject, context: $context);
$context['data'] = $iri;
$context['object'] = $relatedObject;
unset($context['property_metadata']);
unset($context['api_attribute']);
unset($context['property_metadata'], $context['api_attribute']);

if ($this->tagCollector) {
$this->tagCollector->collect($context);
Expand Down Expand Up @@ -909,6 +909,7 @@ private function createAndValidateAttributeValue(string $attribute, mixed $value
) {
$resourceClass = $this->resourceClassResolver->getResourceClass(null, $className);
$context['resource_class'] = $resourceClass;
unset($context['uri_variables']);

return $this->denormalizeCollection($attribute, $propertyMetadata, $type, $resourceClass, $value, $format, $context);
}
Expand All @@ -933,7 +934,7 @@ private function createAndValidateAttributeValue(string $attribute, mixed $value
throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', DenormalizerInterface::class));
}

unset($context['resource_class']);
unset($context['resource_class'], $context['uri_variables']);

return $this->serializer->denormalize($value, $className.'[]', $format, $context);
}
Expand All @@ -943,7 +944,7 @@ private function createAndValidateAttributeValue(string $attribute, mixed $value
throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', DenormalizerInterface::class));
}

unset($context['resource_class']);
unset($context['resource_class'], $context['uri_variables']);

return $this->serializer->denormalize($value, $className, $format, $context);
}
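Review bot: The new `uri_variables` removals in `getAttributeValue` and `createAndValidateAttributeValue` carry no comment, unlike the collection-operation `unset` at the top of `normalize`, which is protected by a "Never remove this" note; a later cleanup could drop them without anyone noticing that they are the mitigation for #6465. I would put a short comment above each one, for example `// Parent uri_variables must not reach the nested (de)normalizer, see #6465`. The same key list is now repeated at five call sites, so a small private helper that strips the parent-scoped keys would make it harder to miss another path; `normalizeRelation` still hands `$context` to `getIriFromResource`, and whether `uri_variables` is already gone there depends on callers outside these hunks. The commit touches only this file, so a regression test covering a nested resource under an operation with URI variables is also worth adding. All of the affected methods start and end outside the visible hunks.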