

Commit ace0a05

security #cve-2018-19789 [Form] Filter file uploads out of regular form types (nicolas-grekas)
This PR was merged into the 2.7 branch. Discussion ---------- [Form] Filter file uploads out of regular form types | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - This PR filters uploaded files out of the data processed by any form type except `FileType`. Commits ------- 205a44e [Form] Filter file uploads out of regular form types
1 parent c9570ca commit ace0a05


8 files changed

+40
-10
lines changed


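--- a/src/Symfony/Component/Form/Extension/Core/Type/FileType.php
+++ b/src/Symfony/Component/Form/Extension/Core/Type/FileType.php
@@ -105,6 +105,7 @@ public function configureOptions(OptionsResolver $resolver)
 'data_class' => $dataClass,
 'e 8000 mpty_data' => $emptyData,
 'multiple' => false,
+'allow_file_upload' => true,
 ));
 }
 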

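--- a/src/Symfony/Component/Form/Extension/Core/Type/FormType.php
+++ b/src/Symfony/Component/Form/Extension/Core/Type/FormType.php
@@ -178,6 +178,7 @@ public function configureOptions(OptionsResolver $resolver)
 'attr' => array(),
 'post_max_size_message' => 'The uploaded file was too large. Please try to upload a smaller file.',
 'upload_max_size_message' => $uploadMaxSizeMessage, // internal
+'allow_file_upload' => false,
 ));
 
 $resolver->setAllowedTypes('label_attr', 'array');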
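Review bot: `allow_file_upload` gets a default on new line 181 but no allowed type, so a misconfigured value such as the string `'false'` is truthy and would take the `allow_file_upload` no-op branch in `Form::submit()`, silently switching the upload filter off for that form. The hunk already constrains `label_attr` on the very next statement, so add `$resolver->setAllowedTypes('allow_file_upload', 'bool');` beside it; since FileType builds on this resolver, its `true` override in the other type hunk would presumably be validated by the same rule. `configureOptions()` continues outside the hunk.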

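--- a/src/Symfony/Component/Form/Form.php
+++ b/src/Symfony/Component/Form/Form.php
@@ -536,6 +536,11 @@ public function submit($submittedData, $clearMissing = true)
 $submittedData = null;
 } elseif (is_scalar($submittedData)) {
 $submittedData = (string) $submittedData;
+} elseif ($this->config->getOption('allow_file_upload')) {
+// no-op
+} elseif ($this->config->getRequestHandler()->isFileUpload($submittedData)) {
+$submittedData = null;
+$this->transformationFailure = new TransformationFailedException('Submitted data was expected to be text or number, file upload given.');
 }
 
 $dispatcher = $this->config->getEventDispatcher();
@@ -545,6 +550,10 @@ public function submit($submittedData, $clearMissing = true)
 $viewData = null;
 
 try {
+if (null !== $this->transformationFailure) {
+throw $this->transformationFailure;
+}
+
 // Hook to change content of the data submitted by the browser
 if ($dispatcher->hasListeners(FormEvents::PRE_SUBMIT)) {
 $event = new FormEvent($this, $submittedData);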
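Review bot: The new `elseif` on line 541 of the first hunk calls `$this->config->getRequestHandler()->isFileUpload($submittedData)`, and none of the eight files in this commit adds that method, so every request handler a form can be configured with — third-party `RequestHandlerInterface` implementations included — is assumed to already provide it; if the interface on this branch does not declare it, such a handler fails with an undefined-method error on the first non-scalar submission instead of producing a transformation failure. Worth confirming against the interface and, if it is new, documenting it as part of the contract so custom handlers are updated with the release. Separately, the `// no-op` on line 540 says what but not why; a comment such as `// FileType opts in with allow_file_upload: an uploaded file is the expected submitted data here` would carry the intent. `submit()` starts and ends outside the hunk.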

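--- a/src/Symfony/Component/Form/Tests/CompoundFormTest.php
+++ b/src/Symfony/Component/Form/Tests/CompoundFormTest.php
@@ -707,7 +707,7 @@ public function testSubmitPostOrPutRequestWithSingleChildForm($method)
 'REQUEST_METHOD' => $method,
 ));
 
-$form = $this->getBuilder('image')
+$form = $this->getBuilder('image', null, null, array('allow_file_upload' => true))
 ->setMethod($method)
 ->setRequestHandler(new HttpFoundationRequestHandler())
 ->getForm();
@@ -1036,6 +1036,21 @@ public function testDisabledButtonIsNotSubmitted()
 $this->assertFalse($submit->isSubmitted());
 }
 
+public function testFileUpload()
+{
+8000 $reqHandler = new HttpFoundationRequestHandler();
+$this->form->add($this->getBuilder('foo')->setRequestHandler($reqHandler)->getForm());
+$this->form->add($this->getBuilder('bar')->setRequestHandler($reqHandler)->getForm());
+
+$this->form->submit(array(
+'foo' => 'Foo',
+'bar' => new UploadedFile(__FILE__, 'upload.png', 'image/png', 123, UPLOAD_ERR_OK),
+));
+
+$this->assertSame('Submitted data was expected to be text or number, file upload given.', $this->form->get('bar')->getTransformationFailure()->getMessage());
+$this->assertNull($this->form->get('bar')->getData());
+}
+
 protected function createForm()
 {
 return $this->getBuilder()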
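Review bot: `testFileUpload()` (new lines 1039–1052 of the second hunk) only checks the rejected child; it never asserts that the sibling `foo` still received `'Foo'`, nor that `bar` is reported out of sync, so a regression that nulls every child of a form carrying an upload, or that records the failure without the form noticing it, would still pass. Add `$this->assertSame('Foo', $this->form->get('foo')->getData());` and `$this->assertFalse($this->form->get('bar')->isSynchronized());` after the existing assertions. A positive counterpart — a child built with `array('allow_file_upload' => true)`, as the first hunk does for `image`, asserting that the `UploadedFile` is kept as its data — would pin the opt-in path as well.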

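--- a/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.json
+++ b/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.json
@@ -28,6 +28,7 @@
 "parent": {
 "Symfony\\Component\\Form\\Extension\\Core\\Type\\FormType": [
 "action",
+"allow_file_upload",
 "attr",
 "auto_initialize",
 "block_name",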

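--- a/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.txt
+++ b/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.txt
@@ -8,15 +8,16 @@ Symfony\Component\Form\Extension\Core\Type\ChoiceType (Block prefix: "choice")
 choice_attr FormType FormType FormTypeCsrfExtension
 choice_label -------------------- ------------------------- -----------------------
 choice_loader compound action csrf_field_name
-choice_name data_class attr csrf_message
-choice_translation_domain empty_data auto_initialize csrf_protection
-choice_value error_bubbling block_name csrf_token_id
-choices trim by_reference csrf_token_manager
-expanded data
-group_by disabled
-multiple inherit_data
-placeholder label
-preferred_choices label_attr
+choice_name data_class allow_file_upload csrf_message
+choice_translation_domain empty_data attr csrf_protection
+choice_value error_bubbling auto_initialize csrf_token_id
+choices trim block_name csrf_token_manager
+expanded by_reference
+group_by data
+multiple disabled
+placeholder inherit_data
+preferred_choices label
+label_attr
 label_format
 mapped
 method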

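--- a/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_2.json
+++ b/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_2.json
@@ -4,6 +4,7 @@
 "options": {
 "own": [
 "action",
+"allow_file_upload",
 "attr",
 "auto_initialize",
 "block_name",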

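--- a/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_2.txt
+++ b/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_2.txt
@@ -6,6 +6,7 @@ Symfony\Component\Form\Extension\Core\Type\FormType (Block prefix: "form")
 Options
 -------------------------
 action
+allow_file_upload
 attr
 auto_initialize
 block_name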
