From 9ce0ae23aee0cc32bbedb0436a47f267900017c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9goire=20Paris?= <postmaster@greg0ire.fr>
Date: Tue, 7 Nov 2017 21:11:22 +0100
Subject: [PATCH] Have weak_vendors ignore deprecations from outside

phar:// and eval() can execute code that may or may not come from the vendors.
---
 .../PhpUnit/DeprecationErrorHandler.php       |   7 +++--
 .../DeprecationErrorHandler/deprecation.phar  | Bin 0 -> 6828 bytes
 .../deprecation/deprecation.php               |   3 +++
 .../DeprecationErrorHandler/generate_phar.php |   4 +++
 .../weak_vendors_on_eval_d_deprecation.phpt   |  23 ++++++++++++++++
 .../weak_vendors_on_phar_deprecation.phpt     |  25 ++++++++++++++++++
 6 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/deprecation.phar
 create mode 100644 src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/deprecation/deprecation.php
 create mode 100644 src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/generate_phar.php
 create mode 100644 src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/weak_vendors_on_eval_d_deprecation.phpt
 create mode 100644 src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/weak_vendors_on_phar_deprecation.phpt

diff --git a/src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php b/src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php
index d13fc14c0c6bb..3fde9ab28b100 100644
--- a/src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php
+++ b/src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php
@@ -75,9 +75,12 @@ public static function register($mode = 0)
                     }
                 }
             }
-            $path = realpath($path) ?: $path;
+            $realPath = realpath($path);
+            if (false === $realPath && '-' !== $path && 'Standard input code' !== $path) {
+                return true;
+            }
             foreach ($vendors as $vendor) {
-                if (0 === strpos($path, $vendor) && false !== strpbrk(substr($path, strlen($vendor), 1), '/'.DIRECTORY_SEPARATOR)) {
+                if (0 === strpos($realPath, $vendor) && false !== strpbrk(substr($realPath, strlen($vendor), 1), '/'.DIRECTORY_SEPARATOR)) {
                     return true;
                 }
             }
diff --git a/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/deprecation.phar b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/deprecation.phar
new file mode 100644
index 0000000000000000000000000000000000000000..20e1203bd058af00544b7ea3159cc4979546afd0
GIT binary patch
literal 6828
zcmb_h%W~Vu6?L-Y#>o#%wOAMfibzqEWO+h8EZL%MRV0f;(MrXP3Izg95+l3<fO?Im
zD%<=>DqoO4$dBX~vdtpr_5%V%&@+q3C5wG=-+lYu)8O9gWSZ1!#w{PQeP;TR$M4ob
zGIwh=f6OdDvYj+_?kzK!I;q)US)Otyv?n~bZ&N2pc$!(OtL()K<_1od+5FDW^2{=O
zl6?cueyq`=)A6I6r!G(OcYeU%%_0|)yR{6O{KySv9=8)GpGr%eR?B4T%(ma1oOW#+
zAA3iG5B5d3cho-`ocBQ>7v=<4p-oysH1xrWW<k(k6dWEYUM3=0)Ncxd-Mc(>+}xIW
zE(S;a!EP<(`7DigYd^`H99n(`uPp=a^e?;pq1o?#|EYU1us`)r%qx+MWgKVS!H4r>
z#Z;j|KWF>cjrZMw$-aDHi-zXddgm7db5$gI-u+2z<>`zgb|dsdo?(aOX4a5{Bs1Cm
z0o!cUOjmp|bAFe%lECpJlZe&SB&lRxTdN{_xmQJ=RuO}EQbkUqN^*XeS8?BEl?JJx
zDcCmRLKzgFof}_jx$!+7w`d8DQK(|{LubNUw4{7wGGQ`Jv;uMBkEH_1N=s0uc_^tO
zqgVxs8Z04~HEVX?jmxU<nnZx|9}-@sV>yvzl_%-RBN>k=bn^*anZyYWeAmhSIBMNB
ze{gP`%uW3yCzYY^sq{EA&yQPTE$LF_6LPF_ugF*ub9^J2@xkY<zs!91I!7^zXUW!_
zA}mQFQ69@p2~~jNuZU!xo_J~t%ApVusuEp1GI&~on%!1NWYgHazIASRbBsPVCBA%q
zbFmak#otm&H66m`XlMx~cOz8`(gj))6(u25hzg-qqlRNzn{vnFsa1dLxKrMI8%KE>
z2OSp0O_wMQ7S6J~nerPa@I5EzbqHyhUg}Ij=aHG7)r^so@yH1|&c6O=>8=U}>hUY+
z=}DYbbR*Hv&_K1M=rQip^HXcS(-=7q6H+G|xoElNzG);m9LQ!Pm|AY<m;1riXb=TF
zvP!<GXvh{dO)`ll+A?VZNe5^W6bUmw3<kYcd%exJHrnhgzTqD0@icTI9_7Kk`IuVs
zG?quC!)PciwqubeJdra5wjhf^nA6BG97K+p8HnLlkv7O3pY*$LG1dMwH{hfmu|rUT
zkW|P>KkcYxIM|OpO|8%@wo8?Vj&_4>Z)~%Van9bwv&f?;xjT(neUBQ?!Ji|xM-udb
z?d5(R@B<pxj}nSVj4jQ%H;TP`DKc#zkbx!>Qgswhk~dhrB;NvykXAxaLze5Mlo1x8
zbotRZrZCmcs-Zd>nwV5P%FwhhNojj^kaS|Od(FXp!aJ-q&`O)Bc}{sW$)|El#|Sa=
zA7oCca2=0G(zf17frsSe7vpqj%zGkTAuc&?7oMXY_gS0#EzXJa81>HyZi+zt$uz)k
zZZG;*odi_u5_kR|IRPXRxQ~^~ul8dt%P~`2Ci(&}o?6AJKSA~G*4#MCa`yf+_Icy3
zy|J;ONpC)H3fg9gc6M~}2SMB_5d|~@bq=yhwWr;Wc(AkcatjSmnH~df(vV}oM25t3
z;2AqX##iC4F-~Y1C+H};J2se^j_7=hGtRFqumJt?VBG1z0LaEEL}pRqxYw3>31}=%
z`j~1*GH(+gH9~Ni1gE_i8xPx#2g-Nt-*3vQHcp4_E1VbI&q6xW^jNel#lFZSS_>u>
z_0^J1p<kL^-)9CffRo)$=?q)i29X6!)dXQw7=f%93KdV_zUOnx?DqTT{SHH;^v4_y
zpbg_7QIGT3t&_1jN)CCK?HQWa%{s$)odq5narsongN9kB1fz%yI_d~TCfHVKH9`ty
z47zwe1X8_H{(<^Jalij8jucHYz0JinWby#T0VX8?a^ZiP#%YH=1pbH>jfD9b#%#_o
zEJpz*L6d?oSs`z&GOe6NoO@sy$Ei@#bmK5dIXZ*KaCdUjOa`T{3nfoc-OF7aJ$PJe
zTJ(1G;3u0u>uy=c5|2j@n_qEQ9N1zX@-U%UuWMpOKE)(j@iSci{G4)S$>A@`HA5C~
z%BXh>C1Pb~fK~Et2Tj!GP#gdp=#wRW42j+PDqBH|RL8RXl(Y%-@Kk8Is<pPVwnD8^
zS43IqDh*W%g@T-WP}Is>QMObV0bu}+nGz;(>ZJD!Lfp+`e9B|m7`ity+J3qFI+JC+
zveZch!|60z#H}P-=DJ2%<qjn3i4@9%Q79!H1yQwC<Op|S_tv8gI}EQyRK(a|8?Roy
zYA}5n6b_U?iQGVSu;#NReO&@jLhq#<L%L<kOQ<@-DF@`|gD`nV!&O#Eqww(SE*^?4
zOJ=!^mQE90$rl)F(KOmM<*9~K$$^zoC)84gW@uh9G$ljU<N-5CwJ25sW^>UZVG>xW
zs5P8JHB&2BDg7GPlT5n-M>oLm6X?A-N5Yq(?vUizDh2?iz$0EQZ(k9#kdr3h&QFYE
zdZDTPT&|Ru+!j@Cv?rE&ATomSHBLm7?lg=s!4`7>%R4(eWLf;H$&0{z@u=A<x}3TT
zNW1D)3W+YvWZh;kh#$Ly)%(!1&o8j8e?0jJ4FA{|5VF8ZH%=-`o<}#9IXLTq>opZv
zY2A5TcZq=<Q{&%&JjFt~R1Yv)6gAYKFUa$wDJ40Sm&Ee=87WaZMd#8=$-umW!1<Lf
zDCx3ha)T5tB&#$V3Am`aS;isyniXQh8cd)NAOU!?gsH8$1Xd|Yx3_W6G6LWexMI-j
zqa_*&1vJ8e<qXt(O2|Yg$e;i;1Stl%WTA6PXH={(-T`{#fdwx<t*ueUVVp<cSYlS1
zQ6VauYcRSCL7F*w45@1;@}VV2uMSJN3Nb~4Fk{kLw2on+2&YrNJ+pE7o}r-?PC2d1
zQR~ueU3#rc-nzs~g5suIGP#M3pfrj!%xfNQk@74_@rHD4ncvO`Ojh&NUH~wU)z30@
zuSlH{!&uBHuqsuXv?X$zz_KYes*3OB+}3?rqHX)CKx2f~ODBSiSJrV=BSNE3?`0>V
z+Qu6W>d}Or4VOX^&xhoCO(9yt6|IKuTy7aR3sKD2!!kB@DPg1tC0cY(5Ski~ON&p$
z1Qw?dG@g@QltPvORJ;2K83hG4r7h937GxD9)WUNBu8^OH<P;nAL!FNeymFS%ynYgi
zH$zOkYLA>i;!#Eu0;mfYT*e9f;y%7!TsWk<b<m&^4@6nyLlhBctMnFWK5!H(7<IMQ
zzn$Td@22k7rX~GFC6r3^m$`;_Tkdr>3#EJ7C`t$K-I-7;ym)$<v#T+Np#Txx?4As%
z0v$|(cx0KsL$4=rFxFKhW~urP15`m)_z*m=*<l(AScOH09nPY_kLYTMB+>Rhk*04&
zG`f_!mO!KN94=DhRhy!b1pSLxLWQP-RVCV;`vwEoUC7$@hojSh{r3E<hp$umAhFj6
zXV0EJ`xSnFEB^il|9c$Q82P44;7*X9Jzt<F#~{7>*ZF7qyH?+c{z+Q!vnRewI?Qp&
zpYYTcm1dbI43`>?J8B&M`>%gz&e%y;Smzimu4{k77bx~|w}-c1M}zJ$JpJbE`Tp~7
cw*T?wzpbmoPuFLMfBVn(zlQGjZ_eKQ4>9=~j{pDw

literal 0
HcmV?d00001

diff --git a/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/deprecation/deprecation.php b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/deprecation/deprecation.php
new file mode 100644
index 0000000000000..b9e23e7692156
--- /dev/null
+++ b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/deprecation/deprecation.php
@@ -0,0 +1,3 @@
+<?php
+
+@trigger_error('I come from… afar! :D', E_USER_DEPRECATED);
diff --git a/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/generate_phar.php b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/generate_phar.php
new file mode 100644
index 0000000000000..d519ea346b138
--- /dev/null
+++ b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/generate_phar.php
@@ -0,0 +1,4 @@
+<?php
+
+$phar = new Phar(__DIR__.DIRECTORY_SEPARATOR.'deprecation.phar', 0, 'deprecation.phar');
+$phar->buildFromDirectory(__DIR__.DIRECTORY_SEPARATOR.'deprecation');
diff --git a/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/weak_vendors_on_eval_d_deprecation.phpt b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/weak_vendors_on_eval_d_deprecation.phpt
new file mode 100644
index 0000000000000..6bba1c86be5ac
--- /dev/null
+++ b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/weak_vendors_on_eval_d_deprecation.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Test DeprecationErrorHandler in weak vendors mode on eval()'d deprecation
+--FILE--
+<?php
+
+putenv('SYMFONY_DEPRECATIONS_HELPER=weak_vendors');
+putenv('ANSICON');
+putenv('ConEmuANSI');
+putenv('TERM');
+
+$vendor = __DIR__;
+while (!file_exists($vendor.'/vendor')) {
+    $vendor = dirname($vendor);
+}
+define('PHPUNIT_COMPOSER_INSTALL', $vendor.'/vendor/autoload.php');
+require PHPUNIT_COMPOSER_INSTALL;
+require_once __DIR__.'/../../bootstrap.php';
+eval("@trigger_error('who knows where I come from?', E_USER_DEPRECATED);")
+
+?>
+--EXPECTF--
+
+Other deprecation notices (1)
diff --git a/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/weak_vendors_on_phar_deprecation.phpt b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/weak_vendors_on_phar_deprecation.phpt
new file mode 100644
index 0000000000000..4c4879e61156d
--- /dev/null
+++ b/src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/weak_vendors_on_phar_deprecation.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Test DeprecationErrorHandler in weak vendors mode on eval()'d deprecation
+The phar can be regenerated by running php src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/generate_phar.php
+--FILE--
+<?php
+
+putenv('SYMFONY_DEPRECATIONS_HELPER=weak_vendors');
+putenv('ANSICON');
+putenv('ConEmuANSI');
+putenv('TERM');
+
+$vendor = __DIR__;
+while (!file_exists($vendor.'/vendor')) {
+    $vendor = dirname($vendor);
+}
+define('PHPUNIT_COMPOSER_INSTALL', $vendor.'/vendor/autoload.php');
+require PHPUNIT_COMPOSER_INSTALL;
+require_once __DIR__.'/../../bootstrap.php';
+\Phar::loadPhar(__DIR__.'/deprecation.phar', 'deprecation.phar');
+include 'phar://deprecation.phar/deprecation.php';
+
+?>
+--EXPECTF--
+
+Other deprecation notices (1)

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/24864.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/24864.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/24864.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/24864.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>