Bug #71760
Updated by Valentin Despa over 8 years ago
The class <pre> TYPO3\CMS\Extensionmanager\Controller\UploadExtensionFileController </pre> has the __destruct() (calling removeBackupFolder()) method which will be called after unserialize(). Another example: <pre> TYPO3\CMS\Core\Service\AbstractService </pre> If this class does not need to support for serialization, we should consider implementing the method __wakeup() and throwing an exception. If the class really need to be serialized, than there should be additional checks done before removing a directory (like checking if the deletion takes place in typo3temp, etc.)