More checks in isValidKey.

ivopetkov · Apr 21, 2016 · a69d3c5 · a69d3c5
1 parent 161b2a5
commit a69d3c5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/ObjectStorage.php b/src/ObjectStorage.php
@@ -346,7 +346,7 @@ protected function hasMetadataInArray($data)
      */
     public function isValidKey($key)
     {
-        if (strlen($key) === 0 || $key === '.' || $key === '..' || strpos($key, '/../') !== false || strpos($key, '/./') !== false || strpos($key, '/') === 0 || strpos($key, './') === 0 || strpos($key, '../') === 0 || substr($key, -2) === '/.' || substr($key, -3) === '/..' || substr($key, -1) === '/') {
+        if (!is_string($key) || strlen($key) === 0 || $key === '.' || $key === '..' || strpos($key, '/../') !== false || strpos($key, '/./') !== false || strpos($key, '/') === 0 || strpos($key, './') === 0 || strpos($key, '../') === 0 || substr($key, -2) === '/.' || substr($key, -3) === '/..' || substr($key, -1) === '/') {
             return false;
         }
         return preg_match("/^[a-z0-9\.\/\-\_]*$/", $key) === 1;