php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-10-29 09:28:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request from GHSA-cjcc-p67m-7qxm

Browse Source 
* Fix: Unsafe Reflection in base Component class

* Fix style for consistency

* add changelog entry

* Fix wrong logic

* Fix exception message

* Update framework/CHANGELOG.md

---------

Co-authored-by: Stefano Mtangoo <stefano@hosannahighertech.co.tz>
Co-authored-by: Alexander Makarov <sam@rmcreative.ru>
This commit is contained in:
Stefano D. Mtangoo
2024-05-30 19:15:58 +03:00
committed by GitHub
parent 42e6524413
commit 628d406bfa
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
framework/CHANGELOG.md
View File

@ -27,11 +27,13 @@ Yii Framework 2 Change Log
- New #20137: Added `yii\caching\CallbackDependency` to allow using a callback to determine if a cache dependency is still valid (laxity7)
- Enh #20134: Raise minimum `PHP` version to `7.3` (@terabytesoftw)
- Bug #20141: Update `ezyang/htmlpurifier` dependency to version `4.17` (@terabytesoftw)
- CVE-2024-4990: Fix Unsafe Reflection in base Component class (@mtangoo)
- Bug #19817: Add MySQL Query `addCheck()` and `dropCheck()` (@bobonov)
- Bug #20165: Adjust pretty name of closures for PHP 8.4 compatibility (@staabm)
- Bug #19855: Fixed `yii\validators\FileValidator` to not limit some of its rules only to array attribute (bizley)
- Enh: #20171: Support JSON columns for MariaDB 10.4 or higher (@terabytesoftw)
2.0.49.2 October 12, 2023
-------------------------

10
framework/base/Component.php
View File

@ -189,7 +189,15 @@ class Component extends BaseObject
} elseif (strncmp($name, 'as ', 3) === 0) {
// as behavior: attach behavior
$name = trim(substr($name, 3));
$this->attachBehavior($name, $value instanceof Behavior ? $value : Yii::createObject($value));
if ($value instanceof Behavior) {
$this->attachBehavior($name, $value);
} elseif (isset($value['class']) && is_subclass_of($value['class'], Behavior::class, true)) {
$this->attachBehavior($name, Yii::createObject($value));
} elseif (is_string($value) && is_subclass_of($value, Behavior::class, true)) {
$this->attachBehavior($name, Yii::createObject($value));
} else {
throw new InvalidConfigException('Class is not of type ' . Behavior::class . ' or its subclasses');
}
return;
}