From d8c419c304ad783d419f77aa03e83ee1adf23efd Mon Sep 17 00:00:00 2001
From: =?utf8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Tue, 21 Jun 2022 11:33:46 +0200
Subject: [PATCH] Explicitely only accept closures from our dependencies in
 ClosureJob
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 lib/private/Command/ClosureJob.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/private/Command/ClosureJob.php b/lib/private/Command/ClosureJob.php
index 96b0947129e..5639852e4db 100644
--- a/lib/private/Command/ClosureJob.php
+++ b/lib/private/Command/ClosureJob.php
@@ -23,10 +23,13 @@
 namespace OC\Command;
 
 use OC\BackgroundJob\QueuedJob;
+use Laravel\SerializableClosure\SerializableClosure as LaravelClosure;
+use Opis\Closure\SerializableClosure as OpisClosure;
 
 class ClosureJob extends QueuedJob {
 	protected function run($serializedCallable) {
-		$callable = unserialize($serializedCallable)->getClosure();
+		$callable = unserialize($serializedCallable, [LaravelClosure::class, OpisClosure::class]);
+		$callable = $callable->getClosure();
 		if (is_callable($callable)) {
 			$callable();
 		} else {
-- 
2.39.5