[PR #4] [CLOSED] Prevent possible security exploit #7

Closed
opened 2026-01-24 11:43:25 +01:00 by admin · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/symfony/class-loader/pull/4
Author: @nickl-
Created: 8/5/2012
Status: Closed

Base: master ← Head: master


📝 Commits (1)

📊 Changes

1 file changed (+5 additions, -1 deletions)

📝 UniversalClassLoader.php (+5 -1)

📄 Description

While doing development on Respect/Loader, a massive security vulnerability was discovered which has the possibility to have huge repercussions, as it gives any include file scope to hijack the autoloader.
See Respect/Loader#6 for more information.

This fix will also prevent an included script from auto-outputting anything as a result of the include call, which will prevent any unwanted source code from ever being revealed as a result of faulty tags or phishing for information when a script manages to be included by someone trying to exploit the application.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
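
The scope issue the description refers to, as an added example that is not the PR's diff or Symfony's code: a file included from inside a loader method runs with that method's `$this`, while the same include issued from a plain function does not, and output buffering discards anything the file prints. `DemoLoader`, `include_isolated` and the probe file are hypothetical names and constructed sample data.

```php
<?php
// Added illustration; names are hypothetical and this is not Symfony's code.

// A plain function has no $this and no class scope; its only local is $__file.
function include_isolated($__file)
{
    ob_start();                 // capture anything the file prints while loading
    try {
        return include $__file;
    } finally {
        ob_end_clean();         // discard the captured output
    }
}

final class DemoLoader
{
    private $prefixes = array('App' => '/srv/app/src'); // constructed sample state

    // 'Before' form: the include runs inside the method, so the file's
    // top-level code sees $this, private members and the method's locals.
    public function loadInMethodScope($file)
    {
        return include $file;
    }

    // Hardened form: the file runs in the isolated function's scope instead.
    public function loadIsolated($file)
    {
        return include_isolated($file);
    }
}

// Constructed probe file: prints a stray line, then reports whether a loader is in scope.
$probe = tempnam(sys_get_temp_dir(), 'probe');
file_put_contents($probe, "<?php echo \"stray output\\n\";\n"
    . "return isset(\$this) ? get_class(\$this) : 'no \$this';\n");

$loader = new DemoLoader();

foreach (array('loadInMethodScope', 'loadIsolated') as $method) {
    ob_start();                              // record what reaches the caller
    $seen = $loader->$method($probe);
    $emitted = ob_get_clean();
    // Report which scope the probe observed and whether its output escaped.
    printf("%s: scope=%s emitted=%s\n", $method, $seen, var_export($emitted, true));
}

unlink($probe);
```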

Commit: e7a4564 (https://github.com/symfony/class-loader/commit/e7a45647886333e5ea2d77650faa1bddd017b9b8) Prevent possible security exploit see Respect/Loader#6
admin added the pull-request label 2026-01-24 11:43:25 +01:00
admin closed this issue 2026-01-24 11:43:25 +01:00

Reference: symfony/class-loader#7