From: Matthias Schmidt <gravatronics@live.com>
Date: Wed, 20 Jul 2011 10:59:02 +0000 (+0200)
Subject: Disable serialization of SingletonFactory classes
X-Git-Tag: 2.0.0_Beta_1~1969^2~6^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=185cae8f28babc99bee801a80c1cd0d9fb4d4e5f;p=GitHub%2FWoltLab%2FWCF.git

Disable serialization of SingletonFactory classes

If you don't disable the serialization of SingletonFactory classes, it's
 possible to create multiple instances simply be serializing the existin
g instance and and unserializing it again.
---

diff --git a/wcfsetup/install/files/lib/system/SingletonFactory.class.php b/wcfsetup/install/files/lib/system/SingletonFactory.class.php
index e182f7106e..39cccc72d2 100644
--- a/wcfsetup/install/files/lib/system/SingletonFactory.class.php
+++ b/wcfsetup/install/files/lib/system/SingletonFactory.class.php
@@ -36,6 +36,11 @@ abstract class SingletonFactory {
 	 */
 	protected final function __clone() { }
 	
+	/**
+	 * Object serialization is disallowed.
+	 */
+	protected final function __sleep() { }
+	
 	/**
 	 * Returns an unique instance of current child class.
 	 *