Merge branch '3.4' into 4.4

nicolas-grekas · nicolas-grekas · commit 099481f2378d · 2020-03-23T13:37:11.000+01:00
* 3.4:
  [Http Foundation] Fix clear cookie samesite
  [Security] Check if firewall is stateless before checking for session/previous session
  [Form] Support customized intl php.ini settings
  [Security] Remember me: allow to set the samesite cookie flag
  [Debug] fix for PHP 7.3.16+/7.4.4+
  [Validator] Backport translations
  Prevent warning in proc_open()
diff --git a/src/Symfony/Component/Debug/ErrorHandler.php b/src/Symfony/Component/Debug/ErrorHandler.php
@@ -499,7 +499,7 @@ public function handleError($type, $message, $file, $line)
         if ($this->isRecursive) {
             $log = 0;
         } else {
-            if (!\defined('HHVM_VERSION')) {
+            if (\PHP_VERSION_ID < (\PHP_VERSION_ID < 70400 ? 70316 : 70404) && !\defined('HHVM_VERSION')) {
                 $currentErrorHandler = set_error_handler('var_dump');
                 restore_error_handler();
             }
@@ -511,7 +511,7 @@ public function handleError($type, $message, $file, $line)
             } finally {
                 $this->isRecursive = false;
 
-                if (!\defined('HHVM_VERSION')) {
+                if (\PHP_VERSION_ID < (\PHP_VERSION_ID < 70400 ? 70316 : 70404) && !\defined('HHVM_VERSION')) {
                     set_error_handler($currentErrorHandler);
                 }
             }
diff --git a/src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php b/src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
@@ -329,8 +329,6 @@ public function testHandleDeprecation()
         $handler = new ErrorHandler();
         $handler->setDefaultLogger($logger);
         @$handler->handleError(E_USER_DEPRECATED, 'Foo deprecation', __FILE__, __LINE__, []);
-
-        restore_error_handler();
     }
 
     public function testHandleException()
diff --git a/src/Symfony/Component/ErrorHandler/ErrorHandler.php b/src/Symfony/Component/ErrorHandler/ErrorHandler.php
@@ -519,7 +519,7 @@ public function handleError(int $type, string $message, string $file, int $line)
         if ($this->isRecursive) {
             $log = 0;
         } else {
-            if (!\defined('HHVM_VERSION')) {
+            if (\PHP_VERSION_ID < (\PHP_VERSION_ID < 70400 ? 70316 : 70404)) {
                 $currentErrorHandler = set_error_handler('var_dump');
                 restore_error_handler();
             }
@@ -531,7 +531,7 @@ public function handleError(int $type, string $message, string $file, int $line)
             } finally {
                 $this->isRecursive = false;
 
-                if (!\defined('HHVM_VERSION')) {
+                if (\PHP_VERSION_ID < (\PHP_VERSION_ID < 70400 ? 70316 : 70404)) {
                     set_error_handler($currentErrorHandler);
                 }
             }
diff --git a/src/Symfony/Component/ErrorHandler/Tests/ErrorHandlerTest.php b/src/Symfony/Component/ErrorHandler/Tests/ErrorHandlerTest.php
@@ -363,8 +363,6 @@ public function testHandleDeprecation()
         $handler = new ErrorHandler();
         $handler->setDefaultLogger($logger);
         @$handler->handleError(E_USER_DEPRECATED, 'Foo deprecation', __FILE__, __LINE__, []);
-
-        restore_error_handler();
     }
 
     /**
@@ -618,6 +616,10 @@ public function errorHandlerWhenLoggingProvider(): iterable
 
     public function testAssertQuietEval()
     {
+        if ('-1' === ini_get('zend.assertions')) {
+            $this->markTestSkipped('zend.assertions is forcibly disabled');
+        }
+
         $ini = [
             ini_set('zend.assertions', 1),
             ini_set('assert.active', 1),
diff --git a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php
@@ -117,11 +117,16 @@ public function reverseTransform($value)
         // date-only patterns require parsing to be done in UTC, as midnight might not exist in the local timezone due
         // to DST changes
         $dateOnly = $this->isPatternDateOnly();
+        $dateFormatter = $this->getIntlDateFormatter($dateOnly);
 
-        $timestamp = $this->getIntlDateFormatter($dateOnly)->parse($value);
+        try {
+            $timestamp = @$dateFormatter->parse($value);
+        } catch (\IntlException $e) {
+            throw new TransformationFailedException($e->getMessage(), $e->getCode(), $e);
+        }
 
         if (0 != intl_get_error_code()) {
-            throw new TransformationFailedException(intl_get_error_message());
+            throw new TransformationFailedException(intl_get_error_message(), intl_get_error_code());
         } elseif ($timestamp > 253402214400) {
             // This timestamp represents UTC midnight of 9999-12-31 to prevent 5+ digit years
             throw new TransformationFailedException('Years beyond 9999 are not supported.');
diff --git a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformerTest.php b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformerTest.php
@@ -27,6 +27,12 @@ protected function setUp(): void
     {
         parent::setUp();
 
+        // Normalize intl. configuration settings.
+        if (\extension_loaded('intl')) {
+            $this->iniSet('intl.use_exceptions', 0);
+            $this->iniSet('intl.error_level', 0);
+        }
+
         // Since we test against "de_AT", we need the full implementation
         IntlTestHelper::requireFullIntl($this, '57.1');
 
@@ -322,4 +328,44 @@ public function testReverseTransformFiveDigitYearsWithTimestamp()
         $transformer = new DateTimeToLocalizedStringTransformer('UTC', 'UTC', null, null, \IntlDateFormatter::GREGORIAN, 'yyyy-MM-dd HH:mm:ss');
         $transformer->reverseTransform('20107-03-21 12:34:56');
     }
+
+    public function testReverseTransformWrapsIntlErrorsWithErrorLevel()
+    {
+        if (!\extension_loaded('intl')) {
+            $this->markTestSkipped('intl extension is not loaded');
+        }
+
+        $this->iniSet('intl.error_level', E_WARNING);
+
+        $this->expectException('Symfony\Component\Form\Exception\TransformationFailedException');
+        $transformer = new DateTimeToLocalizedStringTransformer();
+        $transformer->reverseTransform('12345');
+    }
+
+    public function testReverseTransformWrapsIntlErrorsWithExceptions()
+    {
+        if (!\extension_loaded('intl')) {
+            $this->markTestSkipped('intl extension is not loaded');
+        }
+
+        $this->iniSet('intl.use_exceptions', 1);
+
+        $this->expectException('Symfony\Component\Form\Exception\TransformationFailedException');
+        $transformer = new DateTimeToLocalizedStringTransformer();
+        $transformer->reverseTransform('12345');
+    }
+
+    public function testReverseTransformWrapsIntlErrorsWithExceptionsAndErrorLevel()
+    {
+        if (!\extension_loaded('intl')) {
+            $this->markTestSkipped('intl extension is not loaded');
+        }
+
+        $this->iniSet('intl.use_exceptions', 1);
+        $this->iniSet('intl.error_level', E_WARNING);
+
+        $this->expectException('Symfony\Component\Form\Exception\TransformationFailedException');
+        $transformer = new DateTimeToLocalizedStringTransformer();
+        $transformer->reverseTransform('12345');
+    }
 }
diff --git a/src/Symfony/Component/HttpFoundation/ResponseHeaderBag.php b/src/Symfony/Component/HttpFoundation/ResponseHeaderBag.php
@@ -252,10 +252,13 @@ public function getCookies($format = self::COOKIES_FLAT)
      * @param string $domain
      * @param bool   $secure
      * @param bool   $httpOnly
+     * @param string $sameSite
      */
-    public function clearCookie($name, $path = '/', $domain = null, $secure = false, $httpOnly = true)
+    public function clearCookie($name, $path = '/', $domain = null, $secure = false, $httpOnly = true/*, $sameSite = null*/)
     {
-        $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, null));
+        $sameSite = \func_num_args() > 5 ? func_get_arg(5) : null;
+
+        $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite));
     }
 
     /**
diff --git a/src/Symfony/Component/HttpFoundation/Tests/ResponseHeaderBagTest.php b/src/Symfony/Component/HttpFoundation/Tests/ResponseHeaderBagTest.php
@@ -128,6 +128,14 @@ public function testClearCookieSecureNotHttpOnly()
         $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure', $bag);
     }
 
+    public function testClearCookieSamesite()
+    {
+        $bag = new ResponseHeaderBag([]);
+
+        $bag->clearCookie('foo', '/', null, true, false, 'none');
+        $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag);
+    }
+
     public function testReplace()
     {
         $bag = new ResponseHeaderBag([]);
diff --git a/src/Symfony/Component/Process/Process.php b/src/Symfony/Component/Process/Process.php
@@ -336,7 +336,7 @@ public function start(callable $callback = null, array $env = [])
             throw new RuntimeException(sprintf('The provided cwd "%s" does not exist.', $this->cwd));
         }
 
-        $this->process = proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $envPairs, $options);
+        $this->process = @proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $envPairs, $options);
 
         if (!\is_resource($this->process)) {
             throw new RuntimeException('Unable to launch a new process.');
diff --git a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php b/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php
@@ -127,7 +127,7 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn
 
     private function migrateSession(Request $request, TokenInterface $token, ?string $providerKey)
     {
-        if (!$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession() || \in_array($providerKey, $this->statelessProviderKeys, true)) {
+        if (\in_array($providerKey, $this->statelessProviderKeys, true) || !$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession()) {
             return;
         }
 
diff --git a/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php b/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php
@@ -153,6 +153,25 @@ public function testSessionStrategyIsNotCalledWhenStateless()
         $handler->authenticateWithToken($this->token, $this->request, 'some_provider_key');
     }
 
+    /**
+     * @requires function \Symfony\Component\HttpFoundation\Request::setSessionFactory
+     */
+    public function testSessionIsNotInstantiatedOnStatelessFirewall()
+    {
+        $sessionFactory = $this->getMockBuilder(\stdClass::class)
+            ->setMethods(['__invoke'])
+            ->getMock();
+
+        $sessionFactory->expects($this->never())
+            ->method('__invoke');
+
+        $this->request->setSessionFactory($sessionFactory);
+
+        $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher, ['stateless_provider_key']);
+        $handler->setSessionAuthenticationStrategy($this->sessionStrategy);
+        $handler->authenticateWithToken($this->token, $this->request, 'stateless_provider_key');
+    }
+
     protected function setUp(): void
     {
         $this->tokenStorage = $this->getMockBuilder(TokenStorageInterface::class)->getMock();
diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
@@ -39,6 +39,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
     protected $options = [
         'secure' => false,
         'httponly' => true,
+        'samesite' => null,
     ];
     private $providerKey;
     private $secret;
@@ -276,7 +277,7 @@ protected function cancelCookie(Request $request)
             $this->logger->debug('Clearing remember-me cookie.', ['name' => $this->options['name']]);
         }
 
-        $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'] ?? $request->isSecure(), $this->options['httponly'], false, $this->options['samesite'] ?? null));
+        $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'] ?? $request->isSecure(), $this->options['httponly'], false, $this->options['samesite']));
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -86,7 +86,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
                 $this->options['secure'] ?? $request->isSecure(),
                 $this->options['httponly'],
                 false,
-                $this->options['samesite'] ?? null
+                $this->options['samesite']
             )
         );
 
@@ -121,7 +121,7 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
                 $this->options['secure'] ?? $request->isSecure(),
                 $this->options['httponly'],
                 false,
-                $this->options['samesite'] ?? null
+                $this->options['samesite']
             )
         );
     }
diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -83,7 +83,7 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
                 $this->options['secure'] ?? $request->isSecure(),
                 $this->options['httponly'],
                 false,
-                $this->options['samesite'] ?? null
+                $this->options['samesite']
             )
         );
     }
diff --git a/src/Symfony/Component/Validator/Resources/translations/validators.en.xlf b/src/Symfony/Component/Validator/Resources/translations/validators.en.xlf
@@ -374,6 +374,14 @@
                 <source>The number of elements in this collection should be a multiple of {{ compared_value }}.</source>
                 <target>The number of elements in this collection should be a multiple of {{ compared_value }}.</target>
             </trans-unit>
+            <trans-unit id="97">
+                <source>This value should satisfy at least one of the following constraints:</source>
+                <target>This value should satisfy at least one of the following constraints:</target>
+            </trans-unit>
+            <trans-unit id="98">
+                <source>Each element of this collection should satisfy its own set of constraints.</source>
+                <target>Each element of this collection should satisfy its own set of constraints.</target>
+            </trans-unit>
         </body>
     </file>
 </xliff>
diff --git a/src/Symfony/Component/Validator/Resources/translations/validators.es.xlf b/src/Symfony/Component/Validator/Resources/translations/validators.es.xlf
@@ -374,6 +374,14 @@
                 <source>The number of elements in this collection should be a multiple of {{ compared_value }}.</source>
                 <target>El número de elementos en esta colección debería ser múltiplo de {{ compared_value }}.</target>
             </trans-unit>
+            <trans-unit id="97">
+                <source>This value should satisfy at least one of the following constraints:</source>
+                <target>Este valor debería satisfacer al menos una de las siguientes restricciones:</target>
+            </trans-unit>
+            <trans-unit id="98">
+                <source>Each element of this collection should satisfy its own set of constraints.</source>
+                <target>Cada elemento de esta colección debería satisfacer su propio conjunto de restricciones.</target>
+            </trans-unit>
         </body>
     </file>
 </xliff>
diff --git a/src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf b/src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf
@@ -374,6 +374,14 @@
                 <source>The number of elements in this collection should be a multiple of {{ compared_value }}.</source>
                 <target>Liczba elementów w tym zbiorze powinna być wielokrotnością {{ compared_value }}.</target>
             </trans-unit>
+            <trans-unit id="97">
+                <source>This value should satisfy at least one of the following constraints:</source>
+                <target>Ta wartość powinna spełniać co najmniej jedną z następujących reguł:</target>
+            </trans-unit>
+            <trans-unit id="98">
+                <source>Each element of this collection should satisfy its own set of constraints.</source>
+                <target>Każdy element w tym zbiorze powinien spełniać własny zestaw reguł.</target>
+            </trans-unit>
         </body>
     </file>
 </xliff>

Original file line number	Diff line number	Diff line change
`@@ -499,7 +499,7 @@ public function handleError($type, $message, $file, $line)`
`499`	`499`	`if ($this->isRecursive) {`
`500`	`500`	`$log = 0;`
`501`	`501`	`} else {`
`502`		`- if (!\defined('HHVM_VERSION')) {`
	`502`	`+ if (\PHP_VERSION_ID < (\PHP_VERSION_ID < 70400 ? 70316 : 70404) && !\defined('HHVM_VERSION')) {`
`503`	`503`	`$currentErrorHandler = set_error_handler('var_dump');`
`504`	`504`	`restore_error_handler();`
`505`	`505`	`}`
`@@ -511,7 +511,7 @@ public function handleError($type, $message, $file, $line)`
`511`	`511`	`} finally {`
`512`	`512`	`$this->isRecursive = false;`
`513`	`513`
`514`		`- if (!\defined('HHVM_VERSION')) {`
	`514`	`+ if (\PHP_VERSION_ID < (\PHP_VERSION_ID < 70400 ? 70316 : 70404) && !\defined('HHVM_VERSION')) {`
`515`	`515`	`set_error_handler($currentErrorHandler);`
`516`	`516`	`}`
`517`	`517`	`}`
Original file line number	Diff line number	Diff line change
`@@ -329,8 +329,6 @@ public function testHandleDeprecation()`
`329`	`329`	`$handler = new ErrorHandler();`
`330`	`330`	`$handler->setDefaultLogger($logger);`
`331`	`331`	`@$handler->handleError(E_USER_DEPRECATED, 'Foo deprecation', __FILE__, __LINE__, []);`
`332`		`-`
`333`		`- restore_error_handler();`
`334`	`332`	`}`
`335`	`333`
`336`	`334`	`public function testHandleException()`
Original file line number	Diff line number	Diff line change
`@@ -519,7 +519,7 @@ public function handleError(int $type, string $message, string $file, int $line)`
`519`	`519`	`if ($this->isRecursive) {`
`520`	`520`	`$log = 0;`
`521`	`521`	`} else {`
`522`		`- if (!\defined('HHVM_VERSION')) {`
	`522`	`+ if (\PHP_VERSION_ID < (\PHP_VERSION_ID < 70400 ? 70316 : 70404)) {`
`523`	`523`	`$currentErrorHandler = set_error_handler('var_dump');`
`524`	`524`	`restore_error_handler();`
`525`	`525`	`}`
`@@ -531,7 +531,7 @@ public function handleError(int $type, string $message, string $file, int $line)`
`531`	`531`	`} finally {`
`532`	`532`	`$this->isRecursive = false;`
`533`	`533`
`534`		`- if (!\defined('HHVM_VERSION')) {`
	`534`	`+ if (\PHP_VERSION_ID < (\PHP_VERSION_ID < 70400 ? 70316 : 70404)) {`
`535`	`535`	`set_error_handler($currentErrorHandler);`
`536`	`536`	`}`
`537`	`537`	`}`
Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,14 @@ public function testClearCookieSecureNotHttpOnly()`
`128`	`128`	`$this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure', $bag);`
`129`	`129`	`}`
`130`	`130`
	`131`	`+ public function testClearCookieSamesite()`
	`132`	`+ {`
	`133`	`+ $bag = new ResponseHeaderBag([]);`
	`134`	`+`
	`135`	`+ $bag->clearCookie('foo', '/', null, true, false, 'none');`
	`136`	`+ $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag);`
	`137`	`+ }`
	`138`	`+`
`131`	`139`	`public function testReplace()`
`132`	`140`	`{`
`133`	`141`	`$bag = new ResponseHeaderBag([]);`
Original file line number	Diff line number	Diff line change
`@@ -336,7 +336,7 @@ public function start(callable $callback = null, array $env = [])`
`336`	`336`	`throw new RuntimeException(sprintf('The provided cwd "%s" does not exist.', $this->cwd));`
`337`	`337`	`}`
`338`	`338`
`339`		`- $this->process = proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $envPairs, $options);`
	`339`	`+ $this->process = @proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $envPairs, $options);`
`340`	`340`
`341`	`341`	`if (!\is_resource($this->process)) {`
`342`	`342`	`throw new RuntimeException('Unable to launch a new process.');`
Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn`
`127`	`127`
`128`	`128`	`private function migrateSession(Request $request, TokenInterface $token, ?string $providerKey)`
`129`	`129`	`{`
`130`		`- if (!$this->sessionStrategy \|\| !$request->hasSession() \|\| !$request->hasPreviousSession() \|\| \in_array($providerKey, $this->statelessProviderKeys, true)) {`
	`130`	`+ if (\in_array($providerKey, $this->statelessProviderKeys, true) \|\| !$this->sessionStrategy \|\| !$request->hasSession() \|\| !$request->hasPreviousSession()) {`
`131`	`131`	`return;`
`132`	`132`	`}`
`133`	`133`