8000 merged branch stealth35/fix_distant_trans (PR #2346) · fh-github/symfony@f75f466 · GitHub
[go: up one dir, main page]
Skip to content

Commit f75f466

Browse files
fabpotfabpot
committed
merged branch stealth35/fix_distant_trans (PR symfony#2346)
Commits ------- ae0685a [Translation] Loader should only load local files Discussion ---------- [Translation] Security : Loader should only load local files Bug fix: no Feature addition: no Backwards compatibility break: no Symfony2 tests pass: yes Fixes the following tickets: - See: symfony#2327
2 parents 50c47aa + ae0685a commit f75f466

File tree

6 files changed

+42
-0
lines changed

6 files changed

+42
-0
lines changed

src/Symfony/Component/Translation/Loader/CsvFileLoader.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,10 @@ public function load($resource, $locale, $domain = 'messages')
3535
{
3636
$messages = array();
3737

38+
if (!stream_is_local($resource)) {
39+
throw new \InvalidArgumentException(sprintf('This is not a local file "%s".', $resource));
40+
}
41+
3842
try {
3943
$file = new \SplFileObject($resource, 'rb');
4044
} catch(\RuntimeException $e) {

src/Symfony/Component/Translation/Loader/PhpFileLoader.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@ class PhpFileLoader extends ArrayLoader implements LoaderInterface
2929
*/
3030
public function load($resource, $locale, $domain = 'messages')
3131
{
32+
if (!stream_is_local($resource)) {
33+
throw new \InvalidArgumentException(sprintf('This is not a local file "%s".', $resource));
34+
}
35+
3236
$messages = require($resource);
3337

3438
$catalogue = parent::load($messages, $locale, $domain);

src/Symfony/Component/Translation/Loader/XliffFileLoader.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,10 @@ class XliffFileLoader implements LoaderInterface
3030
*/
3131
public function load($resource, $locale, $domain = 'messages')
3232
{
33+
if (!stream_is_local($resource)) {
34+
throw new \InvalidArgumentException(sprintf('This is not a local file "%s".', $resource));
35+
}
36+
3337
$xml = $this->parseFile($resource);
3438
$xml->registerXPathNamespace('xliff', 'urn:oasis:names:tc:xliff:document:1.2');
3539

tests/Symfony/Tests/Component/Translation/Loader/CsvFileLoaderTest.php

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -47,4 +47,14 @@ public function testLoadThrowsAnExceptionIfFileNotExists()
4747
$resource = __DIR__.'/../fixtures/not-exists.csv';
4848
$loader->load($resource, 'en', 'domain1');
4949
}
50+
51+
/**
52+
* @expectedException \InvalidArgumentException
53+
*/
54+
public function testLoadThrowsAnExceptionIfFileNotLocal()
55+
{
56+
$loader = new CsvFileLoader();
57+
$resource = 'http://example.com/resources.csv';
58+
$loader->load($resource, 'en', 'domain1');
59+
}
5060
}

tests/Symfony/Tests/Component/Translation/Loader/PhpFileLoaderTest.php

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,4 +26,14 @@ public function testLoad()
2626
$this->assertEquals('en', $catalogue->getLocale());
2727
$this->assertEquals(array(new FileResource($resource)), $catalogue->getResources());
2828
}
29+
30+
/**
31+
* @expectedException \InvalidArgumentException
32+
*/
33+
public function testLoadThrowsAnExceptionIfFileNotLocal()
34+
{
35+
$loader = new PhpFileLoader();
36+
$resource = 'http://example.com/resources.php';
37+
$loader->load($resource, 'en', 'domain1');
38+
}
2939
}

tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,4 +44,14 @@ public function testLoadResourceDoesNotValidate()
4444
$loader = new XliffFileLoader();
4545
$catalogue = $loader->load(__DIR__.'/../fixtures/non-valid.xliff', 'en', 'domain1');
4646
}
47+
48+
/**
49+
* @expectedException \InvalidArgumentException
50+
*/
51+
public function testLoadThrowsAnExceptionIfFileNotLocal()
52+
{
53+
$loader = new XliffFileLoader();
54+
$resource = 'http://example.com/resources.xliff';
55+
$loader->load($resource, 'en', 'domain1');
56+
}
4757
}

0 commit comments

Comments
 (0)
0