Fix: prevent user serialization for SocialActivity

2025-01-16 21:58:17 +01:00 · 2018-07-19 14:02:23 +02:00 · 2018-07-19 14:02:23 +02:00 · 7dc40c862c
commit 7dc40c862c
parent 5658832972
2 changed files with 7 additions and 2 deletions
--- a/protected/humhub/components/SocialActivity.php
+++ b/protected/humhub/components/SocialActivity.php
@ -374,7 +374,7 @@ abstract class SocialActivity extends \yii\base\BaseObject implements rendering\
    {
        return serialize([
            'source' => $this->source,
-            'originator' => $this->originator
+            'originator_id' => $this->originator->id
        ]);
    }

@ -389,7 +389,7 @@ abstract class SocialActivity extends \yii\base\BaseObject implements rendering\
    {
        $this->init();
        $unserializedArr = unserialize($serialized);
-        $this->from($unserializedArr['originator']);
+        $this->from(User::findOne(['id' => $unserializedArr['originator_id']]));
        $this->about($unserializedArr['source']);
    }
 }
--- a/protected/humhub/docs/CHANGELOG.md
+++ b/protected/humhub/docs/CHANGELOG.md
@ -1,6 +1,10 @@
 HumHub Change Log
 =================

+1.3.0-beta.3
+-----------------------------
+
+- Fix: prevent user serialization for SocialActivity

 1.3.0-beta.2  (July 18, 2018)
 -----------------------------
@ -50,6 +54,7 @@ Please read the [Update Guide](http://docs.humhub.org/beta/admin-updating-130.ht
 - Enh: Removed built and compressed assets from GitHub sources


+
 1.3.0-beta.1  (July 4, 2018)
 ----------------------------