This repository was archived by the owner on May 31, 2024. It is now read-only.

Commit 6990c37

author
Robin Chalas
committed
[Security] Prefer clone over unserialize(serialize()) for user refreshment
1 parent 91d755d commit 6990c37


1 file changed

+1
-1
lines changed


Http/Firewall/ContextListener.php

Lines changed: 1 addition & 1 deletion
@@ -170,7 +170,7 @@ protected function refreshUser(TokenInterface $token)
170170

171171
try {
172172
$refreshedUser = $provider->refreshUser($user);
173-
$newToken = unserialize(serialize($token));
173+
$newToken = clone $token;
174174
$newToken->setUser($refreshedUser);
175175

176176
// tokens can be deauthenticated if the user has been changed.
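
Review bot: `clone $token` on new line 173 makes a shallow copy, whereas the `unserialize(serialize($token))` it replaces produced a fully independent deep copy, so any object-valued property of the token other than the user is now shared between `$token` and `$newToken`. The `setUser($refreshedUser)` call on the next line only swaps the user reference on the copy, which is fine, but a custom token that holds mutable objects and does not implement `__clone()` could have the original token's state changed through the copy. The serialize round trip also went through the token's serialization hooks, so a token whose serialized form omits some properties will now carry them over to the new token. Worth a short comment here stating that a shallow copy is intended, plus a test that the original token is unchanged after refresh, including the deauthentication case mentioned in the comment on line 176.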
