diff --git a/src/Serializer/AbstractItemNormalizer.php b/src/Serializer/AbstractItemNormalizer.php index 0042511fe2a..834a5e55295 100644 --- a/src/Serializer/AbstractItemNormalizer.php +++ b/src/Serializer/AbstractItemNormalizer.php @@ -141,9 +141,7 @@ public function normalize(mixed $object, ?string $format = null, array $context // Never remove this, with `application/json` we don't use our AbstractCollectionNormalizer and we need // to remove the collection operation from our context or we'll introduce security issues if (isset($context['operation']) && $context['operation'] instanceof CollectionOperationInterface) { - unset($context['operation_name']); - unset($context['operation']); - unset($context['iri']); + unset($context['operation_name'], $context['operation'], $context['iri']); } if ($this->resourceClassResolver->isResourceClass($resourceClass)) { @@ -176,8 +174,7 @@ public function normalize(mixed $object, ?string $format = null, array $context $data = parent::normalize($object, $format, $context); $context['data'] = $data; - unset($context['property_metadata']); - unset($context['api_attribute']); + unset($context['property_metadata'], $context['api_attribute']); if ($emptyResourceAsIri && \is_array($data) && 0 === \count($data)) { $context['data'] = $iri; @@ -761,6 +758,7 @@ protected function getAttributeValue(object $object, string $attribute, ?string unset( $context['resource_class'], $context['force_resource_class'], + $context['uri_variables'], ); // Anonymous resources @@ -791,8 +789,11 @@ protected function getAttributeValue(object $object, string $attribute, ?string throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', NormalizerInterface::class)); } - unset($context['resource_class']); - unset($context['force_resource_class']); + unset( + $context['resource_class'], + $context['force_resource_class'], + $context['uri_variables'] + ); $attributeValue = $this->propertyAccessor->getValue($object, $attribute); @@ -850,8 +851,7 @@ protected function normalizeRelation(ApiProperty $propertyMetadata, ?object $rel $context['iri'] = $iri = $this->iriConverter->getIriFromResource(resource: $relatedObject, context: $context); $context['data'] = $iri; $context['object'] = $relatedObject; - unset($context['property_metadata']); - unset($context['api_attribute']); + unset($context['property_metadata'], $context['api_attribute']); if ($this->tagCollector) { $this->tagCollector->collect($context); @@ -909,6 +909,7 @@ private function createAndValidateAttributeValue(string $attribute, mixed $value ) { $resourceClass = $this->resourceClassResolver->getResourceClass(null, $className); $context['resource_class'] = $resourceClass; + unset($context['uri_variables']); return $this->denormalizeCollection($attribute, $propertyMetadata, $type, $resourceClass, $value, $format, $context); } @@ -933,7 +934,7 @@ private function createAndValidateAttributeValue(string $attribute, mixed $value throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', DenormalizerInterface::class)); } - unset($context['resource_class']); + unset($context['resource_class'], $context['uri_variables']); return $this->serializer->denormalize($value, $className.'[]', $format, $context); } @@ -943,7 +944,7 @@ private function createAndValidateAttributeValue(string $attribute, mixed $value throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', DenormalizerInterface::class)); } - unset($context['resource_class']); + unset($context['resource_class'], $context['uri_variables']); return $this->serializer->denormalize($value, $className, $format, $context); }