From 4fb975281634b8d49ebf013af9e502e67c28816b Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 2 Apr 2019 17:51:53 +0200 Subject: [PATCH 01/13] Prevent destructors with side-effects from being unserialized --- .../PhpUnit/Legacy/SymfonyTestsListenerTrait.php | 10 ++++++++++ .../Tests/Kernel/ConcreteMicroKernel.php | 10 ++++++++++ .../Component/Cache/Traits/FilesystemCommonTrait.php | 10 ++++++++++ 3 files changed, 30 insertions(+) diff --git a/src/Symfony/Bridge/PhpUnit/Legacy/SymfonyTestsListenerTrait.php b/src/Symfony/Bridge/PhpUnit/Legacy/SymfonyTestsListenerTrait.php index 6333c4fd763a2..2c7391a00bbda 100644 --- a/src/Symfony/Bridge/PhpUnit/Legacy/SymfonyTestsListenerTrait.php +++ b/src/Symfony/Bridge/PhpUnit/Legacy/SymfonyTestsListenerTrait.php @@ -83,6 +83,16 @@ public function __construct(array $mockedNamespaces = array()) } } + public function __sleep() + { + throw new \BadMethodCallException('Cannot serialize '.__CLASS__); + } + + public function __wakeup() + { + throw new \BadMethodCallException('Cannot unserialize '.__CLASS__); + } + public function __destruct() { if (0 < $this->state) { diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Kernel/ConcreteMicroKernel.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Kernel/ConcreteMicroKernel.php index c436d979c7c67..12669620a1a06 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Kernel/ConcreteMicroKernel.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Kernel/ConcreteMicroKernel.php @@ -64,6 +64,16 @@ public function getLogDir() return $this->cacheDir; } + public function __sleep() + { + throw new \BadMethodCallException('Cannot serialize '.__CLASS__); + } + + public function __wakeup() + { + throw new \BadMethodCallException('Cannot unserialize '.__CLASS__); + } + public function __destruct() { $fs = new Filesystem(); diff --git a/src/Symfony/Component/Cache/Traits/FilesystemCommonTrait.php b/src/Symfony/Component/Cache/Traits/FilesystemCommonTrait.php index 274eb73259654..5510898b80595 100644 --- a/src/Symfony/Component/Cache/Traits/FilesystemCommonTrait.php +++ b/src/Symfony/Component/Cache/Traits/FilesystemCommonTrait.php @@ -116,6 +116,16 @@ public static function throwError($type, $message, $file, $line) throw new \ErrorException($message, 0, $type, $file, $line); } + public function __sleep() + { + throw new \BadMethodCallException('Cannot serialize '.__CLASS__); + } + + public function __wakeup() + { + throw new \BadMethodCallException('Cannot unserialize '.__CLASS__); + } + public function __destruct() { if (method_exists(parent::class, '__destruct')) { From ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2 Mon Sep 17 00:00:00 2001 From: Christophe Coevoet Date: Sat, 6 Apr 2019 11:38:26 +0200 Subject: [PATCH 02/13] Fix XSS issues in the form theme of the PHP templating engine --- .../Resources/views/Form/choice_widget_collapsed.html.php | 2 +- .../FrameworkBundle/Resources/views/Form/form_errors.html.php | 2 +- .../FrameworkBundle/Resources/views/Form/form_start.html.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php index c63d354e1789c..6a57d585c7b57 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php @@ -11,7 +11,7 @@ 0): ?> block($form, 'choice_widget_options', ['choices' => $preferred_choices]) ?> 0 && null !== $separator): ?> - + block($form, 'choice_widget_options', ['choices' => $choices]) ?> diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_errors.html.php b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_errors.html.php index 77c60d7dfb3d3..d97179e9a680c 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_errors.html.php +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_errors.html.php @@ -1,7 +1,7 @@ 0): ?> diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_start.html.php b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_start.html.php index ba2f3a4791987..7e244258053ff 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_start.html.php +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_start.html.php @@ -1,6 +1,6 @@ -
action="" $v) { printf(' %s="%s"', $view->escape($k), $view->escape($v)); } ?> enctype="multipart/form-data"> + action="escape($action) ?>" $v) { printf(' %s="%s"', $view->escape($k), $view->escape($v)); } ?> enctype="multipart/form-data"> - + From a29ce2817cf43bb1850cf6af114004ac26c7a081 Mon Sep 17 00:00:00 2001 From: Pascal Borreli Date: Sat, 6 Apr 2019 11:40:18 +0100 Subject: [PATCH 03/13] [Security] Add a separator in the remember me cookie hash --- .../Security/Http/RememberMe/TokenBasedRememberMeServices.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php index 48d88e5730b27..952211333930e 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php @@ -120,6 +120,6 @@ protected function generateCookieValue($class, $username, $expires, $password) */ protected function generateCookieHash($class, $username, $expires, $password) { - return hash_hmac('sha256', $class.$username.$expires.$password, $this->getSecret()); + return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret()); } } From e294ee6b9a8991cf29f67563eba40cdd9ad1c57c Mon Sep 17 00:00:00 2001 From: Tony Vermeiren Date: Tue, 16 Apr 2019 08:01:19 +0200 Subject: [PATCH 04/13] Make MimeTypeExtensionGuesser case insensitive --- .../File/MimeType/MimeTypeExtensionGuesser.php | 8 +++++++- .../File/Fixtures/case-sensitive-mime-type.xlsm | Bin 0 -> 4791 bytes .../Tests/File/UploadedFileTest.php | 13 +++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 src/Symfony/Component/HttpFoundation/Tests/File/Fixtures/case-sensitive-mime-type.xlsm diff --git a/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeExtensionGuesser.php b/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeExtensionGuesser.php index d5acb34094c11..c0f9140c800a2 100644 --- a/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeExtensionGuesser.php +++ b/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeExtensionGuesser.php @@ -808,6 +808,12 @@ class MimeTypeExtensionGuesser implements ExtensionGuesserInterface */ public function guess($mimeType) { - return isset($this->defaultExtensions[$mimeType]) ? $this->defaultExtensions[$mimeType] : null; + if (isset($this->defaultExtensions[$mimeType])) { + return $this->defaultExtensions[$mimeType]; + } + + $lcMimeType = strtolower($mimeType); + + return isset($this->defaultExtensions[$lcMimeType]) ? $this->defaultExtensions[$lcMimeType] : null; } } diff --git a/src/Symfony/Component/HttpFoundation/Tests/File/Fixtures/case-sensitive-mime-type.xlsm b/src/Symfony/Component/HttpFoundation/Tests/File/Fixtures/case-sensitive-mime-type.xlsm new file mode 100644 index 0000000000000000000000000000000000000000..94d85e6132c553225a1628f056151bee22f5b352 GIT binary patch literal 4791 zcmaJ_by$;q7bYA%x^yBTjifNTk=Ou7hct}dMu}1)H4rK35NQxZL_|6iLAsH0l%O;y zAfX`N_Qof#*ZX=ue{9#To%1};ea^YhIX@Vb@EkoJ2?+__b=!Ddyfe6f{eIhB*xC#3 z?k#)^<>h9FLb(auMz{;%etDYEOV%breeK{RS|lKAJR(Z`=4F*yeMPpyQQ{h{u6B*n z*{FQR29E{Tx?QOQv8jFV-bQGgOaY+KlYru-m{AD`ztgML^bI(^ig14+X1YeKyEMF4N~R&w0F@TI(O9KU^{Q%+*e{J|iPM;uBli)XwJwO0^Qg zpu{Bc1O#}^*jG%)$HRmDCkf1dl7M@CZ)Z5%$6NT14^bQsu}1Ip--}QOZJXTQo1M(V z^t9Wi4a!IoX2AS-vfD4dFW)8S5>`7kyDrYUkKt^sNq-Zm@Qb`r0E0;A&D^i#W<*PG1%abL(59t#%7#hGF!MY7$c5 zyJlS;sC)~4;!m<<{IbhE1V{WW5fXKs{D(7yvvfoCi$_GhN$1&B+@^(=-*jCt=?plX+`^<*m; zt6gl=fy3Sl4*Sn8Blp*3C2wfmGa5pQNxQwnOp9;W=%GM9?b^5a+aQOd-9G-09_|HS z>7kkVUQsu<+Q1=UWHY{#a{HThOl)!%)INJ++0qiJ!a2SXESu^Qu))yA!RiZFxkhmC zEf23bf563DU4L<*Tgxos?Rg=sMo`C#WdXrQWUJqJxMTErX0XDpt{=5?v=???!HrOwGfj~uTb1MB*4QnA^KhQQ2nf)zr`cgpc{!Tn&tz6 zbF&CRt2O3SLXDaPycz0}?uRRhHML zc}9J0wy)%1^+Ms(9UJQgGU=j&943G?bLBoEo2kv6nGc2i3Zwqp!$EL+V|K9jT&*8K zqE>b0ZoX!zPX7b#7rO}iyG%6%ugt&cQEQ)Ml6T02*B`M`Sf+ABz8s*E;N4K7(2Q%J zHO_zTUe6m5zFff`FWJvyMYkE=`|zmOWZF6=?Mq;=vwlyUS$7e@wR)sva7wc4fy@Ve zv1jun3pyfO20!i&X=WIrA3j|)d)56TuC`dUX+k}4f~+3%NgaCrs(7TE1V=Q-sfojT z%C&n=HMbsFhx708IacTQX6<&fSgVCF2ztn5#s?SzHZ|2&8NmtDI zVy>CA=XtCxkr+OE`I!AwM+50}GGTzsy_Lvh+na1b1z_+MQ;xnE!H~h(<|xE#b1AwD zf1h^@p}WXLg5IGEg0-``^PT5aTnlA04)=|1-TLJEOqqix?hPAB8za-e;p_bGRwS^yj@bbl_9?u=Vrvb9AcZBbK6vidaWwG4hW31$&2!EG2z&{hm z+sDrx?v2yh&2(i{mI!_4_ILW!ZGnVh7g>Cx_xD`VO3e*iMykUIiOMg4rgTByRu5uG zLk!=gZd4jVglkUaPG{$+ZioV(88c{HH+12?79K{&dYNB8LsU=g(DqSa(<@C7hge%t zE)DYWTaz!5uq^cG_eA}$yKFw;Q2Vv(k4i=pjn#6xGRbZyLXBt$RgG>p7$-YS>z36? zemTi7q2czp7!6M`R4*_TiogdohgU4n zQ(VaXo~G~0ocl(6wHe`l!n_=G!aYgqX-a4Rn3j|RHjyJK(R2>KvCVe6PEn01TKx5r zyGR~_ZCj;`!gs-gSc()LL$6Q$1EwLxV_|@S=6rl%df&6l1&LQ~sy98}HT{Cx-T{#P z^A(^NDV-$G-6X%#Kxac$Xm>ee zwPU_e2S#7RJ4x=h;DZeTQdvG!q^I7t{-vDvSjVtFRwS5YFN^RLCbwNwh zZ!tY(9BvQ~aNEPJC}qVHYk60&O24m?U`jp*!hhr_N_-|;eCMWUe)g&SW?UKl>}{%s ziy;HEM2I+wCJWT=+`~gjT&g#a*k@E?HIkP0cd1T}P4z!#tUu?f#MioSL@3bP0nz*i z5;IC9dBu&|nvLw@mtJuqK`-wWw1@5NtI^R?#8$nD^Sl%M!>(vn8+m0`gd1vg&&cc^ zK{K~~P)U354^KZ~aDV=tw=_~3`Y2U?ulVbby}kwIp27g11PIy6t`2k!6s88W$8!@z=PR99@!RMO7br5b6NG;Zj{t8z=m~bSq`*uOJ3j#}|nrMM= zG@0KlJgB~RZabOsJcWp+4ow>Sr>!o=(b_onljPpj^mMw0`cGaSc6&tqO|;=6PCfxT zmxDC5w{jR*u3AIxn?E}4{X~bODI!xma|=tt0G6u%9>nOd|8PLr!@N))-oo}by?sy! zoG!c^)j@@dFcW|Nt^inNxdAhzu%Q>1-KcC&3owZm536x`0y5j5F+r~kJB+>`O*;jq@oXJeix@R zFGEx$>P3{t&Gq#8rAau_ge=e1eFMgl%S)#2%-!|87^B3RC(5aTP}}T*UR>F6&W->h7uv5GgdZ2>RJ`d}14&iQ zY!F5+PR|Cie{5M#ij~VS<5H~FyC-=mmtBRXN%vYM)2RzpzQRuRe|y4|CYFgetNY)R4rZlnfP#Hx-{MmK%(LP-goS+{JR0xk=l;Ms@gU3sUQa8#G+1R+KLeNrAG{! zl$%6L5-p9^{aTEGg;>^@6A|+WJ+ZhXwma8Xa}KiS*(+}D!=Pvock?n4P2uV!_S~=?z3Th0q2~Ibf;wJ2`MrdcgB$`AO%_Z7(}N z>J^^hN`@JPqw?HXQ8xK#U?4$f*tN7tWZvhaXaXIncj`2g6 zOA02NL$f9(gsOfEi2}gj`YKreVT3&Fg*A1K%x7MM6$0)vDX^Vg? zpuLj?O+!+s=2sj(7BJkiTFfM7m$U;Od&#wY7->8wl)`s)vic6EX=lH;fBEFF&@7o?t$(*L^oJIhY~TL8b3^# zB;Z^+u}_>SaXE1<;^GyqP32%flc;spqbx2FZXz*!y!tk8*b8#gn zl}1+W^nIew@otnu_MaBer;Ele9e#WG^%%RI{f%P6Vv6?g^t~^ctX`}OK40_Pb#q)f z_ogiK3JM9nzLPKWJ7rC8A;6Jed~8E4hb10-4kzmP1oU`64;jvG-nc`Cf8xK79Den4 zb_c=j=|2I$-WluXU$^#Oy__9Lar??osA8Y}FE4*@FTWa}ZSlC7^(O+cixJlN=LGw! z>Dji2n*n~piS!>6!LNpA)f$(*KM_avuRZct2WJ%oC+a^zO>x%2UlRYT`PsU{$;?kQ qV=4H5kN!(^eziWE82^0wPn7>!i7+StOC=s2DfUvpYM%Wc_xvA{ir)|b literal 0 HcmV?d00001 diff --git a/src/Symfony/Component/HttpFoundation/Tests/File/UploadedFileTest.php b/src/Symfony/Component/HttpFoundation/Tests/File/UploadedFileTest.php index 9c02b478edc03..5a37cda351f9a 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/File/UploadedFileTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/File/UploadedFileTest.php @@ -90,6 +90,19 @@ public function testGuessClientExtensionWithIncorrectMimeType() $this->assertEquals('jpeg', $file->guessClientExtension()); } + public function testCaseSensitiveMimeType() + { + $file = new UploadedFile( + __DIR__.'/Fixtures/case-sensitive-mime-type.xlsm', + 'test.xlsm', + 'application/vnd.ms-excel.sheet.macroEnabled.12', + filesize(__DIR__.'/Fixtures/case-sensitive-mime-type.xlsm'), + null + ); + + $this->assertEquals('xlsm', $file->guessClientExtension()); + } + public function testErrorIsOkByDefault() { $file = new UploadedFile( From b7bdf2ce435b0aeb8edb8349f0456f7ca3d21035 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 16 Apr 2019 08:16:04 +0200 Subject: [PATCH 05/13] bumped Symfony version to 3.4.26 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index ac0ecf301744a..405d80150d207 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.25'; - const VERSION_ID = 30425; + const VERSION = '3.4.26-DEV'; + const VERSION_ID = 30426; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; - const RELEASE_VERSION = 25; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 26; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From 944e60f083c3bffbc6a0b5112db127a10a66a8ec Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 2 Apr 2019 18:28:16 +0200 Subject: [PATCH 06/13] [HttpFoundation] reject invalid method override --- .../Component/HttpFoundation/Request.php | 43 +++++++++++++------ 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index fe1a33a597a3e..ae3f51b1724fc 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -1346,22 +1346,37 @@ public function setMethod($method) */ public function getMethod() { - if (null === $this->method) { - $this->method = strtoupper($this->server->get('REQUEST_METHOD', 'GET')); - - if ('POST' === $this->method) { - if ($method = $this->headers->get('X-HTTP-METHOD-OVERRIDE')) { - $this->method = strtoupper($method); - } elseif (self::$httpMethodParameterOverride) { - $method = $this->request->get('_method', $this->query->get('_method', 'POST')); - if (\is_string($method)) { - $this->method = strtoupper($method); - } - } - } + if (null !== $this->method) { + return $this->method; + } + + $this->method = strtoupper($this->server->get('REQUEST_METHOD', 'GET')); + + if ('POST' !== $this->method) { + return $this->method; + } + + $method = $this->headers->get('X-HTTP-METHOD-OVERRIDE'); + + if (!$method && self::$httpMethodParameterOverride) { + $method = $this->request->get('_method', $this->query->get('_method', 'POST')); + } + + if (!\is_string($method)) { + return $this->method; + } + + $method = strtoupper($method); + + if (\in_array($method, ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'PATCH', 'PURGE', 'TRACE'], true)) { + return $this->method = $method; + } + + if (!preg_match('/^[A-Z]++$/D', $method)) { + throw new SuspiciousOperationException(sprintf('Invalid method override "%s".', $method)); } - return $this->method; + return $this->method = $method; } /** From d2fb5893923292a1da7985f0b56960b5bb10737b Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 2 Apr 2019 19:55:56 +0200 Subject: [PATCH 07/13] [DI] Check service IDs are valid --- .../LazyProxy/PhpDumper/ProxyDumper.php | 2 +- .../DependencyInjection/ContainerBuilder.php | 8 + .../DependencyInjection/Dumper/PhpDumper.php | 33 ++-- .../Tests/ContainerBuilderTest.php | 32 ++++ .../Tests/Dumper/PhpDumperTest.php | 8 +- .../Tests/Fixtures/php/services33.php | 4 +- .../Tests/Fixtures/php/services_adawson.php | 46 ++--- .../Fixtures/php/services_inline_requires.php | 8 +- .../Fixtures/php/services_inline_self_ref.php | 2 +- .../Tests/Fixtures/php/services_rot13_env.php | 4 +- .../Fixtures/php/services_subscriber.php | 12 +- .../php/services_unsupported_characters.php | 178 ++++++++++++++++++ 12 files changed, 283 insertions(+), 54 deletions(-) create mode 100644 src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_unsupported_characters.php diff --git a/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php b/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php index 480a5a598aa8c..4ee40def66b15 100644 --- a/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php +++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php @@ -58,7 +58,7 @@ public function getProxyFactoryCode(Definition $definition, $id, $factoryCode = $instantiation = 'return'; if ($definition->isShared()) { - $instantiation .= sprintf(' $this->%s[\'%s\'] =', \method_exists(ContainerBuilder::class, 'addClassResource') || ($definition->isPublic() && !$definition->isPrivate()) ? 'services' : 'privates', $id); + $instantiation .= sprintf(' $this->%s[%s] =', \method_exists(ContainerBuilder::class, 'addClassResource') || ($definition->isPublic() && !$definition->isPrivate()) ? 'services' : 'privates', var_export($id, true)); } if (null === $factoryCode) { diff --git a/src/Symfony/Component/DependencyInjection/ContainerBuilder.php b/src/Symfony/Component/DependencyInjection/ContainerBuilder.php index 72307464a7b5e..e6a2aa0531ea9 100644 --- a/src/Symfony/Component/DependencyInjection/ContainerBuilder.php +++ b/src/Symfony/Component/DependencyInjection/ContainerBuilder.php @@ -868,6 +868,10 @@ public function setAlias($alias, $id) { $alias = $this->normalizeId($alias); + if ('' === $alias || '\\' === substr($alias, -1) || \strlen($alias) !== strcspn($alias, "\0\r\n'")) { + throw new InvalidArgumentException(sprintf('Invalid alias id: "%s"', $alias)); + } + if (\is_string($id)) { $id = new Alias($this->normalizeId($id)); } elseif (!$id instanceof Alias) { @@ -1021,6 +1025,10 @@ public function setDefinition($id, Definition $definition) $id = $this->normalizeId($id); + if ('' === $id || '\\' === substr($id, -1) || \strlen($id) !== strcspn($id, "\0\r\n'")) { + throw new InvalidArgumentException(sprintf('Invalid service id: "%s"', $id)); + } + unset($this->aliasDefinitions[$id], $this->removedIds[$id]); return $this->definitions[$id] = $definition; diff --git a/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php b/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php index 0a1385ecc4a0a..73c868f1e54c9 100644 --- a/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php +++ b/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php @@ -483,7 +483,7 @@ private function addServiceInstance($id, Definition $definition, $isSimpleInstan $instantiation = ''; if (!$isProxyCandidate && $definition->isShared()) { - $instantiation = "\$this->services['$id'] = ".($isSimpleInstance ? '' : '$instance'); + $instantiation = sprintf('$this->services[%s] = %s', $this->doExport($id), $isSimpleInstance ? '' : '$instance'); } elseif (!$isSimpleInstance) { $instantiation = '$instance'; } @@ -679,6 +679,9 @@ private function addService($id, Definition $definition, &$file = null) * Gets the $public '$id'$shared$autowired service. * * $return +EOF; + $code = str_replace('*/', ' ', $code).<<getProxyDumper()->isProxyCandidate($definition)) { $factoryCode = $asFile ? "\$this->load('%s.php', false)" : '$this->%s(false)'; - $code .= $this->getProxyDumper()->getProxyFactoryCode($definition, $id, sprintf($factoryCode, $methodName)); + $code .= $this->getProxyDumper()->getProxyFactoryCode($definition, $id, sprintf($factoryCode, $methodName, $this->doExport($id))); } if ($definition->isDeprecated()) { @@ -767,14 +770,14 @@ private function addInlineReference($id, Definition $definition, $targetId, $for $code .= sprintf(<<<'EOTXT' - if (isset($this->%s['%s'])) { - return $this->%1$s['%2$s']; + if (isset($this->%s[%s])) { + return $this->%1$s[%2$s]; } EOTXT , 'services', - $id + $this->doExport($id) ); return $code; @@ -1530,14 +1533,14 @@ private function getServiceConditionals($value) if (!$this->container->hasDefinition($service)) { return 'false'; } - $conditions[] = sprintf("isset(\$this->services['%s'])", $service); + $conditions[] = sprintf('isset($this->services[%s])', $this->doExport($service)); } foreach (ContainerBuilder::getServiceConditionals($value) as $service) { if ($this->container->hasDefinition($service) && !$this->container->getDefinition($service)->isPublic()) { continue; } - $conditions[] = sprintf("\$this->has('%s')", $service); + $conditions[] = sprintf('$this->has(%s)', $this->doExport($service)); } if (!$conditions) { @@ -1776,6 +1779,8 @@ private function dumpLiteralClass($class) */ private function dumpParameter($name) { + $name = (string) $name; + if ($this->container->isCompiled() && $this->container->hasParameter($name)) { $value = $this->container->getParameter($name); $dumpedValue = $this->dumpValue($value, false); @@ -1785,11 +1790,11 @@ private function dumpParameter($name) } if (!preg_match("/\\\$this->(?:getEnv\('(?:\w++:)*+\w++'\)|targetDirs\[\d++\])/", $dumpedValue)) { - return sprintf("\$this->parameters['%s']", $name); + return sprintf('$this->parameters[%s]', $this->doExport($name)); } } - return sprintf("\$this->getParameter('%s')", $name); + return sprintf('$this->getParameter(%s)', $this->doExport($name)); } /** @@ -1813,7 +1818,7 @@ private function getServiceCall($id, Reference $reference = null) if ($this->container->hasDefinition($id) && $definition = $this->container->getDefinition($id)) { if ($definition->isSynthetic()) { - $code = sprintf('$this->get(\'%s\'%s)', $id, null !== $reference ? ', '.$reference->getInvalidBehavior() : ''); + $code = sprintf('$this->get(%s%s)', $this->doExport($id), null !== $reference ? ', '.$reference->getInvalidBehavior() : ''); } elseif (null !== $reference && ContainerInterface::IGNORE_ON_UNINITIALIZED_REFERENCE === $reference->getInvalidBehavior()) { $code = 'null'; if (!$definition->isShared()) { @@ -1822,7 +1827,7 @@ private function getServiceCall($id, Reference $reference = null) } elseif ($this->isTrivialInstance($definition)) { $code = substr($this->addNewInstance($definition, '', '', $id), 8, -2); if ($definition->isShared()) { - $code = sprintf('$this->services[\'%s\'] = %s', $id, $code); + $code = sprintf('$this->services[%s] = %s', $this->doExport($id), $code); } $code = "($code)"; } elseif ($this->asFiles && $definition->isShared() && !$this->isHotPath($definition)) { @@ -1833,14 +1838,14 @@ private function getServiceCall($id, Reference $reference = null) } elseif (null !== $reference && ContainerInterface::IGNORE_ON_UNINITIALIZED_REFERENCE === $reference->getInvalidBehavior()) { return 'null'; } elseif (null !== $reference && ContainerInterface::EXCEPTION_ON_INVALID_REFERENCE !== $reference->getInvalidBehavior()) { - $code = sprintf('$this->get(\'%s\', /* ContainerInterface::NULL_ON_INVALID_REFERENCE */ %d)', $id, ContainerInterface::NULL_ON_INVALID_REFERENCE); + $code = sprintf('$this->get(%s, /* ContainerInterface::NULL_ON_INVALID_REFERENCE */ %d)', $this->doExport($id), ContainerInterface::NULL_ON_INVALID_REFERENCE); } else { - $code = sprintf('$this->get(\'%s\')', $id); + $code = sprintf('$this->get(%s)', $this->doExport($id)); } // The following is PHP 5.5 syntax for what could be written as "(\$this->services['$id'] ?? $code)" on PHP>=7.0 - return "\${(\$_ = isset(\$this->services['$id']) ? \$this->services['$id'] : $code) && false ?: '_'}"; + return sprintf("\${(\$_ = isset(\$this->services[%s]) ? \$this->services[%1\$s] : %s) && false ?: '_'}", $this->doExport($id), $code); } /** diff --git a/src/Symfony/Component/DependencyInjection/Tests/ContainerBuilderTest.php b/src/Symfony/Component/DependencyInjection/Tests/ContainerBuilderTest.php index 40afaa169d02e..73cb670cdb121 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/ContainerBuilderTest.php +++ b/src/Symfony/Component/DependencyInjection/Tests/ContainerBuilderTest.php @@ -195,6 +195,38 @@ public function testNonSharedServicesReturnsDifferentInstances() $this->assertNotSame($builder->get('bar'), $builder->get('bar')); } + /** + * @expectedException \Symfony\Component\DependencyInjection\Exception\InvalidArgumentException + * @dataProvider provideBadId + */ + public function testBadAliasId($id) + { + $builder = new ContainerBuilder(); + $builder->setAlias($id, 'foo'); + } + + /** + * @expectedException \Symfony\Component\DependencyInjection\Exception\InvalidArgumentException + * @dataProvider provideBadId + */ + public function testBadDefinitionId($id) + { + $builder = new ContainerBuilder(); + $builder->setDefinition($id, new Definition('Foo')); + } + + public function provideBadId() + { + return [ + [''], + ["\0"], + ["\r"], + ["\n"], + ["'"], + ['ab\\'], + ]; + } + /** * @expectedException \Symfony\Component\DependencyInjection\Exception\RuntimeException * @expectedExceptionMessage You have requested a synthetic service ("foo"). The DIC does not know how to construct this service. diff --git a/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php b/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php index 6d985eaca360b..761f7ef4dd08f 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php @@ -234,12 +234,18 @@ public function testAddServiceIdWithUnsupportedCharacters() { $class = 'Symfony_DI_PhpDumper_Test_Unsupported_Characters'; $container = new ContainerBuilder(); + $container->setParameter("'", 'oh-no'); + $container->register("foo*/oh-no", 'FooClass')->setPublic(true); $container->register('bar$', 'FooClass')->setPublic(true); $container->register('bar$!', 'FooClass')->setPublic(true); $container->compile(); $dumper = new PhpDumper($container); - eval('?>'.$dumper->dump(['class' => $class])); + $this->assertStringEqualsFile(self::$fixturesPath.'/php/services_unsupported_characters.php', $dumper->dump(['class' => $class])); + + require_once self::$fixturesPath.'/php/services_unsupported_characters.php'; + + $this->assertTrue(method_exists($class, 'getFooOhNoService')); $this->assertTrue(method_exists($class, 'getBarService')); $this->assertTrue(method_exists($class, 'getBar2Service')); } diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services33.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services33.php index 98e34bc9b1f5e..d4019a50a7ed5 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services33.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services33.php @@ -66,7 +66,7 @@ public function isFrozen() */ protected function getFooService() { - return $this->services['Bar\Foo'] = new \Bar\Foo(); + return $this->services['Bar\\Foo'] = new \Bar\Foo(); } /** @@ -76,6 +76,6 @@ protected function getFooService() */ protected function getFoo2Service() { - return $this->services['Foo\Foo'] = new \Foo\Foo(); + return $this->services['Foo\\Foo'] = new \Foo\Foo(); } } diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_adawson.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_adawson.php index f222fc6e606f3..7986897d375ab 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_adawson.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_adawson.php @@ -88,10 +88,10 @@ public function isFrozen() */ protected function getBusService() { - $this->services['App\Bus'] = $instance = new \App\Bus(${($_ = isset($this->services['App\Db']) ? $this->services['App\Db'] : $this->getDbService()) && false ?: '_'}); + $this->services['App\\Bus'] = $instance = new \App\Bus(${($_ = isset($this->services['App\\Db']) ? $this->services['App\\Db'] : $this->getDbService()) && false ?: '_'}); - $instance->handler1 = ${($_ = isset($this->services['App\Handler1']) ? $this->services['App\Handler1'] : $this->getHandler1Service()) && false ?: '_'}; - $instance->handler2 = ${($_ = isset($this->services['App\Handler2']) ? $this->services['App\Handler2'] : $this->getHandler2Service()) && false ?: '_'}; + $instance->handler1 = ${($_ = isset($this->services['App\\Handler1']) ? $this->services['App\\Handler1'] : $this->getHandler1Service()) && false ?: '_'}; + $instance->handler2 = ${($_ = isset($this->services['App\\Handler2']) ? $this->services['App\\Handler2'] : $this->getHandler2Service()) && false ?: '_'}; return $instance; } @@ -103,9 +103,9 @@ protected function getBusService() */ protected function getDbService() { - $this->services['App\Db'] = $instance = new \App\Db(); + $this->services['App\\Db'] = $instance = new \App\Db(); - $instance->schema = ${($_ = isset($this->services['App\Schema']) ? $this->services['App\Schema'] : $this->getSchemaService()) && false ?: '_'}; + $instance->schema = ${($_ = isset($this->services['App\\Schema']) ? $this->services['App\\Schema'] : $this->getSchemaService()) && false ?: '_'}; return $instance; } @@ -117,13 +117,13 @@ protected function getDbService() */ protected function getHandler1Service() { - $a = ${($_ = isset($this->services['App\Processor']) ? $this->services['App\Processor'] : $this->getProcessorService()) && false ?: '_'}; + $a = ${($_ = isset($this->services['App\\Processor']) ? $this->services['App\\Processor'] : $this->getProcessorService()) && false ?: '_'}; - if (isset($this->services['App\Handler1'])) { - return $this->services['App\Handler1']; + if (isset($this->services['App\\Handler1'])) { + return $this->services['App\\Handler1']; } - return $this->services['App\Handler1'] = new \App\Handler1(${($_ = isset($this->services['App\Db']) ? $this->services['App\Db'] : $this->getDbService()) && false ?: '_'}, ${($_ = isset($this->services['App\Schema']) ? $this->services['App\Schema'] : $this->getSchemaService()) && false ?: '_'}, $a); + return $this->services['App\\Handler1'] = new \App\Handler1(${($_ = isset($this->services['App\\Db']) ? $this->services['App\\Db'] : $this->getDbService()) && false ?: '_'}, ${($_ = isset($this->services['App\\Schema']) ? $this->services['App\\Schema'] : $this->getSchemaService()) && false ?: '_'}, $a); } /** @@ -133,13 +133,13 @@ protected function getHandler1Service() */ protected function getHandler2Service() { - $a = ${($_ = isset($this->services['App\Processor']) ? $this->services['App\Processor'] : $this->getProcessorService()) && false ?: '_'}; + $a = ${($_ = isset($this->services['App\\Processor']) ? $this->services['App\\Processor'] : $this->getProcessorService()) && false ?: '_'}; - if (isset($this->services['App\Handler2'])) { - return $this->services['App\Handler2']; + if (isset($this->services['App\\Handler2'])) { + return $this->services['App\\Handler2']; } - return $this->services['App\Handler2'] = new \App\Handler2(${($_ = isset($this->services['App\Db']) ? $this->services['App\Db'] : $this->getDbService()) && false ?: '_'}, ${($_ = isset($this->services['App\Schema']) ? $this->services['App\Schema'] : $this->getSchemaService()) && false ?: '_'}, $a); + return $this->services['App\\Handler2'] = new \App\Handler2(${($_ = isset($this->services['App\\Db']) ? $this->services['App\\Db'] : $this->getDbService()) && false ?: '_'}, ${($_ = isset($this->services['App\\Schema']) ? $this->services['App\\Schema'] : $this->getSchemaService()) && false ?: '_'}, $a); } /** @@ -149,13 +149,13 @@ protected function getHandler2Service() */ protected function getProcessorService() { - $a = ${($_ = isset($this->services['App\Registry']) ? $this->services['App\Registry'] : $this->getRegistryService()) && false ?: '_'}; + $a = ${($_ = isset($this->services['App\\Registry']) ? $this->services['App\\Registry'] : $this->getRegistryService()) && false ?: '_'}; - if (isset($this->services['App\Processor'])) { - return $this->services['App\Processor']; + if (isset($this->services['App\\Processor'])) { + return $this->services['App\\Processor']; } - return $this->services['App\Processor'] = new \App\Processor($a, ${($_ = isset($this->services['App\Db']) ? $this->services['App\Db'] : $this->getDbService()) && false ?: '_'}); + return $this->services['App\\Processor'] = new \App\Processor($a, ${($_ = isset($this->services['App\\Db']) ? $this->services['App\\Db'] : $this->getDbService()) && false ?: '_'}); } /** @@ -165,9 +165,9 @@ protected function getProcessorService() */ protected function getRegistryService() { - $this->services['App\Registry'] = $instance = new \App\Registry(); + $this->services['App\\Registry'] = $instance = new \App\Registry(); - $instance->processor = [0 => ${($_ = isset($this->services['App\Db']) ? $this->services['App\Db'] : $this->getDbService()) && false ?: '_'}, 1 => ${($_ = isset($this->services['App\Bus']) ? $this->services['App\Bus'] : $this->getBusService()) && false ?: '_'}]; + $instance->processor = [0 => ${($_ = isset($this->services['App\\Db']) ? $this->services['App\\Db'] : $this->getDbService()) && false ?: '_'}, 1 => ${($_ = isset($this->services['App\\Bus']) ? $this->services['App\\Bus'] : $this->getBusService()) && false ?: '_'}]; return $instance; } @@ -179,12 +179,12 @@ protected function getRegistryService() */ protected function getSchemaService() { - $a = ${($_ = isset($this->services['App\Db']) ? $this->services['App\Db'] : $this->getDbService()) && false ?: '_'}; + $a = ${($_ = isset($this->services['App\\Db']) ? $this->services['App\\Db'] : $this->getDbService()) && false ?: '_'}; - if (isset($this->services['App\Schema'])) { - return $this->services['App\Schema']; + if (isset($this->services['App\\Schema'])) { + return $this->services['App\\Schema']; } - return $this->services['App\Schema'] = new \App\Schema($a); + return $this->services['App\\Schema'] = new \App\Schema($a); } } diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_inline_requires.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_inline_requires.php index a23a693674134..59582d9eb5750 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_inline_requires.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_inline_requires.php @@ -87,7 +87,7 @@ public function isFrozen() */ protected function getParentNotExistsService() { - return $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\ParentNotExists'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\ParentNotExists(); + return $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\ParentNotExists'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\ParentNotExists(); } /** @@ -97,7 +97,7 @@ protected function getParentNotExistsService() */ protected function getC1Service() { - return $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C1'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C1(); + return $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\includes\\HotPath\\C1'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C1(); } /** @@ -110,7 +110,7 @@ protected function getC2Service() include_once $this->targetDirs[1].'/includes/HotPath/C2.php'; include_once $this->targetDirs[1].'/includes/HotPath/C3.php'; - return $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C2'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C2(${($_ = isset($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C3']) ? $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C3'] : ($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C3'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C3())) && false ?: '_'}); + return $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\includes\\HotPath\\C2'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C2(${($_ = isset($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\includes\\HotPath\\C3']) ? $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\includes\\HotPath\\C3'] : ($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\includes\\HotPath\\C3'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C3())) && false ?: '_'}); } /** @@ -122,7 +122,7 @@ protected function getC3Service() { include_once $this->targetDirs[1].'/includes/HotPath/C3.php'; - return $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C3'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C3(); + return $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\includes\\HotPath\\C3'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\includes\HotPath\C3(); } public function getParameter($name) diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_inline_self_ref.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_inline_self_ref.php index a2573eae6d3a9..271aeb668b272 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_inline_self_ref.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_inline_self_ref.php @@ -69,7 +69,7 @@ protected function getFooService() $b = new \App\Baz($a); $b->bar = $a; - $this->services['App\Foo'] = $instance = new \App\Foo($b); + $this->services['App\\Foo'] = $instance = new \App\Foo($b); $a->foo = $instance; diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_rot13_env.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_rot13_env.php index 7c903b11d0720..8d1465c44ba3a 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_rot13_env.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_rot13_env.php @@ -67,7 +67,7 @@ public function isFrozen() */ protected function getRot13EnvVarProcessorService() { - return $this->services['Symfony\Component\DependencyInjection\Tests\Dumper\Rot13EnvVarProcessor'] = new \Symfony\Component\DependencyInjection\Tests\Dumper\Rot13EnvVarProcessor(); + return $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Dumper\\Rot13EnvVarProcessor'] = new \Symfony\Component\DependencyInjection\Tests\Dumper\Rot13EnvVarProcessor(); } /** @@ -78,7 +78,7 @@ protected function getRot13EnvVarProcessorService() protected function getContainer_EnvVarProcessorsLocatorService() { return $this->services['container.env_var_processors_locator'] = new \Symfony\Component\DependencyInjection\ServiceLocator(['rot13' => function () { - return ${($_ = isset($this->services['Symfony\Component\DependencyInjection\Tests\Dumper\Rot13EnvVarProcessor']) ? $this->services['Symfony\Component\DependencyInjection\Tests\Dumper\Rot13EnvVarProcessor'] : ($this->services['Symfony\Component\DependencyInjection\Tests\Dumper\Rot13EnvVarProcessor'] = new \Symfony\Component\DependencyInjection\Tests\Dumper\Rot13EnvVarProcessor())) && false ?: '_'}; + return ${($_ = isset($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Dumper\\Rot13EnvVarProcessor']) ? $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Dumper\\Rot13EnvVarProcessor'] : ($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Dumper\\Rot13EnvVarProcessor'] = new \Symfony\Component\DependencyInjection\Tests\Dumper\Rot13EnvVarProcessor())) && false ?: '_'}; }]); } diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_subscriber.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_subscriber.php index 9424a7611433b..dbb51eab32852 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_subscriber.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_subscriber.php @@ -73,7 +73,7 @@ public function isFrozen() */ protected function getTestServiceSubscriberService() { - return $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber(); + return $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\TestServiceSubscriber'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber(); } /** @@ -84,13 +84,13 @@ protected function getTestServiceSubscriberService() protected function getFooServiceService() { return $this->services['foo_service'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber((new \Symfony\Component\DependencyInjection\ServiceLocator(['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\CustomDefinition' => function () { - $f = function (\Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition $v = null) { return $v; }; return $f(${($_ = isset($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition']) ? $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition'] : ($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition())) && false ?: '_'}); + $f = function (\Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition $v = null) { return $v; }; return $f(${($_ = isset($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\CustomDefinition']) ? $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\CustomDefinition'] : ($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\CustomDefinition'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition())) && false ?: '_'}); }, 'Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\TestServiceSubscriber' => function () { - $f = function (\Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber $v) { return $v; }; return $f(${($_ = isset($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber']) ? $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber'] : ($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber())) && false ?: '_'}); + $f = function (\Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber $v) { return $v; }; return $f(${($_ = isset($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\TestServiceSubscriber']) ? $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\TestServiceSubscriber'] : ($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\TestServiceSubscriber'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber())) && false ?: '_'}); }, 'bar' => function () { - $f = function (\Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition $v) { return $v; }; return $f(${($_ = isset($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber']) ? $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber'] : ($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber())) && false ?: '_'}); + $f = function (\Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition $v) { return $v; }; return $f(${($_ = isset($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\TestServiceSubscriber']) ? $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\TestServiceSubscriber'] : ($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\TestServiceSubscriber'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\TestServiceSubscriber())) && false ?: '_'}); }, 'baz' => function () { - $f = function (\Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition $v = null) { return $v; }; return $f(${($_ = isset($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition']) ? $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition'] : ($this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition())) && false ?: '_'}); + $f = function (\Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition $v = null) { return $v; }; return $f(${($_ = isset($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\CustomDefinition']) ? $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\CustomDefinition'] : ($this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\CustomDefinition'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition())) && false ?: '_'}); }]))->withContext('foo_service', $this)); } @@ -101,6 +101,6 @@ protected function getFooServiceService() */ protected function getCustomDefinitionService() { - return $this->services['Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition(); + return $this->services['Symfony\\Component\\DependencyInjection\\Tests\\Fixtures\\CustomDefinition'] = new \Symfony\Component\DependencyInjection\Tests\Fixtures\CustomDefinition(); } } diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_unsupported_characters.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_unsupported_characters.php new file mode 100644 index 0000000000000..a4c841cabe6e0 --- /dev/null +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_unsupported_characters.php @@ -0,0 +1,178 @@ +parameters = $this->getDefaultParameters(); + + $this->services = []; + $this->methodMap = [ + 'bar$' => 'getBarService', + 'bar$!' => 'getBar2Service', + 'foo*/oh-no' => 'getFooohnoService', + ]; + + $this->aliases = []; + } + + public function getRemovedIds() + { + return [ + 'Psr\\Container\\ContainerInterface' => true, + 'Symfony\\Component\\DependencyInjection\\ContainerInterface' => true, + ]; + } + + public function compile() + { + throw new LogicException('You cannot compile a dumped container that was already compiled.'); + } + + public function isCompiled() + { + return true; + } + + public function isFrozen() + { + @trigger_error(sprintf('The %s() method is deprecated since Symfony 3.3 and will be removed in 4.0. Use the isCompiled() method instead.', __METHOD__), E_USER_DEPRECATED); + + return true; + } + + /** + * Gets the public 'bar$' shared service. + * + * @return \FooClass + */ + protected function getBarService() + { + return $this->services['bar$'] = new \FooClass(); + } + + /** + * Gets the public 'bar$!' shared service. + * + * @return \FooClass + */ + protected function getBar2Service() + { + return $this->services['bar$!'] = new \FooClass(); + } + + /** + * Gets the public 'foo oh-no' shared service. + * + * @return \FooClass + */ + protected function getFooohnoService() + { + return $this->services['foo*/oh-no'] = new \FooClass(); + } + + public function getParameter($name) + { + $name = (string) $name; + if (!(isset($this->parameters[$name]) || isset($this->loadedDynamicParameters[$name]) || array_key_exists($name, $this->parameters))) { + $name = $this->normalizeParameterName($name); + + if (!(isset($this->parameters[$name]) || isset($this->loadedDynamicParameters[$name]) || array_key_exists($name, $this->parameters))) { + throw new InvalidArgumentException(sprintf('The parameter "%s" must be defined.', $name)); + } + } + if (isset($this->loadedDynamicParameters[$name])) { + return $this->loadedDynamicParameters[$name] ? $this->dynamicParameters[$name] : $this->getDynamicParameter($name); + } + + return $this->parameters[$name]; + } + + public function hasParameter($name) + { + $name = (string) $name; + $name = $this->normalizeParameterName($name); + + return isset($this->parameters[$name]) || isset($this->loadedDynamicParameters[$name]) || array_key_exists($name, $this->parameters); + } + + public function setParameter($name, $value) + { + throw new LogicException('Impossible to call set() on a frozen ParameterBag.'); + } + + public function getParameterBag() + { + if (null === $this->parameterBag) { + $parameters = $this->parameters; + foreach ($this->loadedDynamicParameters as $name => $loaded) { + $parameters[$name] = $loaded ? $this->dynamicParameters[$name] : $this->getDynamicParameter($name); + } + $this->parameterBag = new FrozenParameterBag($parameters); + } + + return $this->parameterBag; + } + + private $loadedDynamicParameters = []; + private $dynamicParameters = []; + + /** + * Computes a dynamic parameter. + * + * @param string $name The name of the dynamic parameter to load + * + * @return mixed The value of the dynamic parameter + * + * @throws InvalidArgumentException When the dynamic parameter does not exist + */ + private function getDynamicParameter($name) + { + throw new InvalidArgumentException(sprintf('The dynamic parameter "%s" must be defined.', $name)); + } + + private $normalizedParameterNames = []; + + private function normalizeParameterName($name) + { + if (isset($this->normalizedParameterNames[$normalizedName = strtolower($name)]) || isset($this->parameters[$normalizedName]) || array_key_exists($normalizedName, $this->parameters)) { + $normalizedName = isset($this->normalizedParameterNames[$normalizedName]) ? $this->normalizedParameterNames[$normalizedName] : $normalizedName; + if ((string) $name !== $normalizedName) { + @trigger_error(sprintf('Parameter names will be made case sensitive in Symfony 4.0. Using "%s" instead of "%s" is deprecated since Symfony 3.4.', $name, $normalizedName), E_USER_DEPRECATED); + } + } else { + $normalizedName = $this->normalizedParameterNames[$normalizedName] = (string) $name; + } + + return $normalizedName; + } + + /** + * Gets the default parameters. + * + * @return array An array of the default parameters + */ + protected function getDefaultParameters() + { + return [ + '\'' => 'oh-no', + ]; + } +} From 6ab574b7c974c4ab8e0349061752618a8853c7d6 Mon Sep 17 00:00:00 2001 From: johnillo Date: Tue, 16 Apr 2019 19:09:01 +0800 Subject: [PATCH 08/13] [Validator] #30192 Added the missing translations for the Tagalog ("tl") locale. --- .../Resources/translations/validators.tl.xlf | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/src/Symfony/Component/Validator/Resources/translations/validators.tl.xlf b/src/Symfony/Component/Validator/Resources/translations/validators.tl.xlf index 75dc329589730..1c408585b28f1 100644 --- a/src/Symfony/Component/Validator/Resources/translations/validators.tl.xlf +++ b/src/Symfony/Component/Validator/Resources/translations/validators.tl.xlf @@ -314,6 +314,54 @@ This is not a valid Business Identifier Code (BIC). Ito ay hindi isang balidong Business Identifier Code (BIC). + + Error + Error + + + This is not a valid UUID. + Ito ay hindi wastong UUID. + + + This value should be a multiple of {{ compared_value }}. + Ang halagang ito ay dapat multiple ng {{ compared_value }}. + + + This Business Identifier Code (BIC) is not associated with IBAN {{ iban }}. + Ang Business Identifier Code (BIC) na ito ay walang kaugnayan sa IBAN {{ iban }}. + + + This value should be valid JSON. + Ang halagang ito ay dapat naka wastong JSON. + + + This collection should contain only unique elements. + Ang mga elemento ng koleksyong ito ay dapat magkakaiba. + + + This value should be positive. + Ang halagang ito ay dapat positibo. + + + This value should be either positive or zero. + Ang halagang ito ay dapat positibo o zero. + + + This value should be negative. + Ang halagang ito ay dapat negatibo. + + + This value should be either negative or zero. + Ang halagang ito ay dapat negatibo o zero. + + + This value is not a valid timezone. + Ang halagang ito ay hindi wastong timezone. + + + This password has been leaked in a data breach, it must not be used. Please use another password. + Naikalat ang password na ito sa isang data breach at hindi na dapat gamitin. Mangyaring gumamit ng ibang pang password. + From 88b27656cc2a26d18a2c7edd3bbc0f981eb6e00f Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 16 Apr 2019 15:47:19 +0200 Subject: [PATCH 09/13] [VarDumper][Ldap] relax some locally failing tests --- src/Symfony/Component/Ldap/Tests/LdapTestCase.php | 8 ++++++++ .../VarDumper/Tests/Caster/ReflectionCasterTest.php | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Ldap/Tests/LdapTestCase.php b/src/Symfony/Component/Ldap/Tests/LdapTestCase.php index 2e5fa9a34b18b..cc50ecae73dc1 100644 --- a/src/Symfony/Component/Ldap/Tests/LdapTestCase.php +++ b/src/Symfony/Component/Ldap/Tests/LdapTestCase.php @@ -8,6 +8,14 @@ class LdapTestCase extends TestCase { protected function getLdapConfig() { + $h = @ldap_connect(getenv('LDAP_HOST'), getenv('LDAP_PORT')); + + if (!$h || !@ldap_bind($h)) { + $this->markTestSkipped('No server is listening on LDAP_HOST:LDAP_PORT'); + } + + ldap_close($h); + return [ 'host' => getenv('LDAP_HOST'), 'port' => getenv('LDAP_PORT'), diff --git a/src/Symfony/Component/VarDumper/Tests/Caster/ReflectionCasterTest.php b/src/Symfony/Component/VarDumper/Tests/Caster/ReflectionCasterTest.php index 96cb80ebe6e50..37e14966f4f67 100644 --- a/src/Symfony/Component/VarDumper/Tests/Caster/ReflectionCasterTest.php +++ b/src/Symfony/Component/VarDumper/Tests/Caster/ReflectionCasterTest.php @@ -37,7 +37,7 @@ public function testReflectionCaster() %A] constants: array:3 [ "IS_IMPLICIT_ABSTRACT" => 16 - "IS_EXPLICIT_ABSTRACT" => 32 + "IS_EXPLICIT_ABSTRACT" => %d "IS_FINAL" => %d ] properties: array:%d [ From 8f7682c175282224c1dc62ff68da3a5dc575aadf Mon Sep 17 00:00:00 2001 From: Hamza Amrouche Date: Wed, 17 Apr 2019 08:02:18 +0200 Subject: [PATCH 10/13] [FrameworkBundle] minor: remove a typo from changelog new new -> new --- src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md index 9d63e08afe8be..fcbe4ffa7f209 100644 --- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md @@ -70,7 +70,7 @@ CHANGELOG The default value will be `state_machine` in Symfony 4.0. * Deprecated the `CompilerDebugDumpPass` class * Deprecated the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter - * Added a new new version strategy option called json_manifest_path + * Added a new version strategy option called "json_manifest_path" that allows you to use the `JsonManifestVersionStrategy`. * Added `Symfony\Bundle\FrameworkBundle\Controller\AbstractController`. It provides the same helpers as the `Controller` class, but does not allow accessing the dependency From cd77f6f91c4e0fe733bae4bd8014ee81b06d7871 Mon Sep 17 00:00:00 2001 From: Robin Chalas Date: Wed, 17 Apr 2019 14:56:02 +0200 Subject: [PATCH 11/13] Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)" This reverts commit fd1408b13869a381fbebf9b9967f7a80e8b141d3, reversing changes made to b93d2bf9415c790347d677adee268865bc786fe1. --- .../Http/Firewall/ExceptionListener.php | 4 +- .../Tests/Firewall/ExceptionListenerTest.php | 63 +++---------------- 2 files changed, 10 insertions(+), 57 deletions(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php index b3b5ccefec783..d107721471533 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php @@ -131,6 +131,8 @@ private function handleAccessDeniedException(GetResponseForExceptionEvent $event } catch (\Exception $e) { $event->setException($e); } + + return; } if (null !== $this->logger) { @@ -148,7 +150,7 @@ private function handleAccessDeniedException(GetResponseForExceptionEvent $event $subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage); $subRequest->attributes->set(Security::ACCESS_DENIED_ERROR, $exception); - $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST)); + $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true)); $event->allowCustomResponseCode(); } } catch (\Exception $e) { diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php index 3220e43e70e95..53fedebcad705 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php @@ -130,8 +130,10 @@ public function testAccessDeniedExceptionFullFledgedAndWithAccessDeniedHandlerAn { $event = $this->createEvent($exception); - $listener = $this->createExceptionListener(null, $this->createTrustResolver(true), null, null, null, $this->createCustomAccessDeniedHandler(new Response('error'))); + $accessDeniedHandler = $this->getMockBuilder('Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface')->getMock(); + $accessDeniedHandler->expects($this->once())->method('handle')->will($this->returnValue(new Response('error'))); + $listener = $this->createExceptionListener(null, $this->createTrustResolver(true), null, null, null, $accessDeniedHandler); $listener->onKernelException($event); $this->assertEquals('error', $event->getResponse()->getContent()); @@ -145,48 +147,13 @@ public function testAccessDeniedExceptionNotFullFledged(\Exception $exception, \ { $event = $this->createEvent($exception); - $listener = $this->createExceptionListener($this->createTokenStorage(), $this->createTrustResolver(false), null, $this->createEntryPoint()); - $listener->onKernelException($event); - - $this->assertEquals('OK', $event->getResponse()->getContent()); - $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious()); - } - - /** - * @dataProvider getAccessDeniedExceptionProvider - */ - public function testAccessDeniedExceptionNotFullFledgedAndWithAccessDeniedHandlerAndWithoutErrorPage(\Exception $exception, \Exception $eventException = null) - { - $event = $this->createEvent($exception); - - $listener = $this->createExceptionListener($this->createTokenStorage(), $this->createTrustResolver(false), null, $this->createEntryPoint(), null, $this->createCustomAccessDeniedHandler(new Response('denied', 403))); - $listener->onKernelException($event); - - $this->assertEquals('denied', $event->getResponse()->getContent()); - $this->assertEquals(403, $event->getResponse()->getStatusCode()); - $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious()); - } - - /** - * @dataProvider getAccessDeniedExceptionProvider - */ - public function testAccessDeniedExceptionNotFullFledgedAndWithoutAccessDeniedHandlerAndWithErrorPage(\Exception $exception, \Exception $eventException = null) - { - $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(); - $kernel->expects($this->once())->method('handle')->will($this->returnValue(new Response('Unauthorized', 401))); - - $event = $this->createEvent($exception, $kernel); - - $httpUtils = $this->getMockBuilder('Symfony\Component\Security\Http\HttpUtils')->getMock(); - $httpUtils->expects($this->once())->method('createRequest')->will($this->returnValue(Request::create('/error'))); + $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock(); + $tokenStorage->expects($this->once())->method('getToken')->will($this->returnValue($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock())); - $listener = $this->createExceptionListener($this->createTokenStorage(), $this->createTrustResolver(true), $httpUtils, null, '/error'); + $listener = $this->createExceptionListener($tokenStorage, $this->createTrustResolver(false), null, $this->createEntryPoint()); $listener->onKernelException($event); - $this->assertTrue($event->isAllowingCustomResponseCode()); - - $this->assertEquals('Unauthorized', $event->getResponse()->getContent()); - $this->assertEquals(401, $event->getResponse()->getStatusCode()); + $this->assertEquals('OK', $event->getResponse()->getContent()); $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious()); } @@ -201,22 +168,6 @@ public function getAccessDeniedExceptionProvider() ]; } - private function createTokenStorage() - { - $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock(); - $tokenStorage->expects($this->once())->method('getToken')->will($this->returnValue($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock())); - - return $tokenStorage; - } - - private function createCustomAccessDeniedHandler(Response $response) - { - $accessDeniedHandler = $this->getMockBuilder('Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface')->getMock(); - $accessDeniedHandler->expects($this->once())->method('handle')->will($this->returnValue($response)); - - return $accessDeniedHandler; - } - private function createEntryPoint(Response $response = null) { $entryPoint = $this->getMockBuilder('Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface')->getMock(); From 35741bd475a7e24d4018c02a2840911d496719af Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 17 Apr 2019 17:56:57 +0200 Subject: [PATCH 12/13] updated CHANGELOG for 3.4.26 --- CHANGELOG-3.4.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG-3.4.md b/CHANGELOG-3.4.md index cc532847e6f8c..2d0e6ecdeac27 100644 --- a/CHANGELOG-3.4.md +++ b/CHANGELOG-3.4.md @@ -7,6 +7,16 @@ in 3.4 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.4.0...v3.4.1 +* 3.4.26 (2019-04-17) + + * bug #31084 [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (vermeirentony) + * bug #31142 Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)" (chalasr) + * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) + * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) + * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) + * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) + * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas) + * 3.4.25 (2019-04-16) * bug #29944 [DI] Overriding services autowired by name under _defaults bind not working (przemyslaw-bogusz, renanbr) From ef3b684208f3450eb2cae8381ccbbd6c7ee5603e Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 17 Apr 2019 17:57:07 +0200 Subject: [PATCH 13/13] updated VERSION for 3.4.26 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 405d80150d207..1bfed69c61a4a 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.26-DEV'; + const VERSION = '3.4.26'; const VERSION_ID = 30426; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; const RELEASE_VERSION = 26; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy