Merge branch '7.2' into 7.3

xabbuh · xabbuh · commit 7c43418b03bd · 2025-05-07T10:12:56.000+02:00
* 7.2:
  properly skip signal test if the pcntl extension is not installed
  ensure that all supported e-mail validation modes can be configured
  [Security][LoginLink] Throw InvalidLoginLinkException on invalid parameters
  don't hardcode OS-depending constant values
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -48,6 +48,7 @@
 use Symfony\Component\Translation\Translator;
 use Symfony\Component\TypeInfo\Type;
 use Symfony\Component\Uid\Factory\UuidFactory;
+use Symfony\Component\Validator\Constraints\Email;
 use Symfony\Component\Validator\Validation;
 use Symfony\Component\Webhook\Controller\WebhookController;
 use Symfony\Component\WebLink\HttpHeaderSerializer;
@@ -1075,7 +1076,7 @@ private function addValidationSection(ArrayNodeDefinition $rootNode, callable $e
                             ->validate()->castToArray()->end()
                         ->end()
                         ->scalarNode('translation_domain')->defaultValue('validators')->end()
-                        ->enumNode('email_validation_mode')->values(['html5', 'loose', 'strict'])->defaultValue('html5')->end()
+                        ->enumNode('email_validation_mode')->values(Email::VALIDATION_MODES + ['loose'])->defaultValue('html5')->end()
                         ->arrayNode('mapping')
                             ->addDefaultsIfNotSet()
                             ->fixXmlConfig('path')
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/PhpFrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/PhpFrameworkExtensionTest.php
@@ -19,6 +19,7 @@
 use Symfony\Component\DependencyInjection\Loader\PhpFileLoader;
 use Symfony\Component\RateLimiter\CompoundRateLimiterFactory;
 use Symfony\Component\RateLimiter\RateLimiterFactoryInterface;
+use Symfony\Component\Validator\Constraints\Email;
 use Symfony\Component\Workflow\Exception\InvalidDefinitionException;
 
 class PhpFrameworkExtensionTest extends FrameworkExtensionTestCase
@@ -378,4 +379,31 @@ public function testRateLimiterCompoundPolicyInvalidLimiters()
             ]);
         });
     }
+
+    /**
+     * @dataProvider emailValidationModeProvider
+     */
+    public function testValidatorEmailValidationMode(string $mode)
+    {
+        $this->expectNotToPerformAssertions();
+
+        $this->createContainerFromClosure(function (ContainerBuilder $container) use ($mode) {
+            $container->loadFromExtension('framework', [
+                    'annotations' => false,
+                    'http_method_override' => false,
+                    'handle_all_throwables' => true,
+                    'php_errors' => ['log' => true],
+                'validation' => [
+                    'email_validation_mode' => $mode,
+                ],
+            ]);
+        });
+    }
+
+    public function emailValidationModeProvider()
+    {
+        foreach (Email::VALIDATION_MODES as $mode) {
+            yield [$mode];
+        }
+    }
 }
diff --git a/src/Symfony/Component/Console/Tests/SignalRegistry/SignalMapTest.php b/src/Symfony/Component/Console/Tests/SignalRegistry/SignalMapTest.php
@@ -18,15 +18,13 @@ class SignalMapTest extends TestCase
 {
     /**
      * @requires extension pcntl
-     *
-     * @testWith [2, "SIGINT"]
-     *           [9, "SIGKILL"]
-     *           [15, "SIGTERM"]
-     *           [31, "SIGSYS"]
      */
-    public function testSignalExists(int $signal, string $expected)
+    public function testSignalExists()
     {
-        $this->assertSame($expected, SignalMap::getSignalName($signal));
+        $this->assertSame('SIGINT', SignalMap::getSignalName(\SIGINT));
+        $this->assertSame('SIGKILL', SignalMap::getSignalName(\SIGKILL));
+        $this->assertSame('SIGTERM', SignalMap::getSignalName(\SIGTERM));
+        $this->assertSame('SIGSYS', SignalMap::getSignalName(\SIGSYS));
     }
 
     public function testSignalDoesNotExist()
diff --git a/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php b/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php
@@ -84,9 +84,16 @@ public function consumeLoginLink(Request $request): UserInterface
         if (!$hash = $request->get('hash')) {
             throw new InvalidLoginLinkException('Missing "hash" parameter.');
         }
+        if (!is_string($hash)) {
+            throw new InvalidLoginLinkException('Invalid "hash" parameter.');
+        }
+
         if (!$expires = $request->get('expires')) {
             throw new InvalidLoginLinkException('Missing "expires" parameter.');
         }
+        if (preg_match('/^\d+$/', $expires) !== 1) {
+            throw new InvalidLoginLinkException('Invalid "expires" parameter.');
+        }
 
         try {
             $this->signatureHasher->acceptSignatureHash($userIdentifier, $expires, $hash);
diff --git a/src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php
@@ -240,6 +240,30 @@ public function testConsumeLoginLinkWithMissingExpiration()
         $linker->consumeLoginLink($request);
     }
 
+    public function testConsumeLoginLinkWithInvalidExpiration()
+    {
+        $user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
+        $this->userProvider->createUser($user);
+
+        $this->expectException(InvalidLoginLinkException::class);
+        $request = Request::create('/login/verify?user=weaverryan&hash=thehash&expires=%E2%80%AA1000000000%E2%80%AC');
+
+        $linker = $this->createLinker();
+        $linker->consumeLoginLink($request);
+    }
+
+    public function testConsumeLoginLinkWithInvalidHash()
+    {
+        $user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
+        $this->userProvider->createUser($user);
+
+        $this->expectException(InvalidLoginLinkException::class);
+        $request = Request::create('/login/verify?user=weaverryan&hash[]=an&hash[]=array&expires=1000000000');
+
+        $linker = $this->createLinker();
+        $linker->consumeLoginLink($request);
+    }
+
     private function createSignatureHash(string $username, int $expires, array $extraFields = ['emailProperty' => 'ryan@symfonycasts.com', 'passwordProperty' => 'pwhash']): string
     {
         $hasher = new SignatureHasher($this->propertyAccessor, array_keys($extraFields), 's3cret');
