Add maximum depth to serializer to prevent infinite recursion (#167) #171
Conversation
|
thank @mhvis for you contribution.
Just to make things clear, @Algatux is the original author of the bundle and a lot of @facile-it folks and external contributors maintain it. Kudos should go to @Algatux and all the other contributors as well, you included 🎉 I'll give it a quick look right now, even if it's not highest priority. |
| public static function prepareItemData($item, int $depth = 0) | ||
| { | ||
| // Prevent infinite recursion | ||
| if ($depth > 1_000) { | ||
| return null; | ||
| } | ||
|
|
||
| if (\is_scalar($item)) { | ||
| return $item; | ||
| } | ||
|
|
||
| if (\is_array($item)) { | ||
| return self::prepareUnserializableData($item); | ||
| return self::prepareUnserializableData($item, $depth); | ||
| } |
There was a problem hiding this comment.
Why don't we use a maxDepth approach?
Default it to 256 or so, and then decrease it at each iteration int $maxDepth = 256
To stop infinite recursion you should add
if ($depth < 0) {
return null;
}
so that also negative $maxDepth are correctly managed.
Also, having maxDepth as a parameter cloud make it configurable in the future.
Fixes #167
I'm not sure if this is a good approach. Other suggestions are welcome.
Thanks for reacting to the issue @ilario-pierbattista and thanks for creating this great library.
The issue doesn't really have a high priority, as one shouldn't put circular objects into a Mongo database anyway. So if you don't want to merge this or don't want to fix the issue I can totally understand.