Security update for Core, with self-updated composer

[yaffs-website] / vendor / symfony / serializer / Normalizer / ArrayDenormalizer.php

diff --git a/vendor/symfony/serializer/Normalizer/ArrayDenormalizer.php b/vendor/symfony/serializer/Normalizer/ArrayDenormalizer.php
index 921e312bd0de9a89ffed5dcaf12a3d1b916f783b..9217d51a95908161ee050c405fa81af69f1792e9 100644 (file)
--- a/vendor/symfony/serializer/Normalizer/ArrayDenormalizer.php
+++ b/vendor/symfony/serializer/Normalizer/ArrayDenormalizer.php
@@ -13,6 +13,7 @@ namespace Symfony\Component\Serializer\Normalizer;
 
 use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Exception\InvalidArgumentException;
+use Symfony\Component\Serializer\Exception\UnexpectedValueException;
 use Symfony\Component\Serializer\SerializerAwareInterface;
 use Symfony\Component\Serializer\SerializerInterface;
 
@@ -46,12 +47,16 @@ class ArrayDenormalizer implements DenormalizerInterface, SerializerAwareInterfa
         $serializer = $this->serializer;
         $class = substr($class, 0, -2);
 
-        return array_map(
-            function ($data) use ($serializer, $class, $format, $context) {
-                return $serializer->denormalize($data, $class, $format, $context);
-            },
-            $data
-        );
+        $builtinType = isset($context['key_type']) ? $context['key_type']->getBuiltinType() : null;
+        foreach ($data as $key => $value) {
+            if (null !== $builtinType && !call_user_func('is_'.$builtinType, $key)) {
+                throw new UnexpectedValueException(sprintf('The type of the key "%s" must be "%s" ("%s" given).', $key, $builtinType, gettype($key)));
+            }
+
+            $data[$key] = $serializer->denormalize($value, $class, $format, $context);
+        }
+
+        return $data;
     }
 
     /**