

Commit b65e6f1

security #cve-2018-19789 [Form] Filter file uploads out of regular form types (nicolas-grekas)
This PR was merged into the 2.7 branch. Discussion ---------- [Form] Filter file uploads out of regular form types | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - This PR filters uploaded files out of the data processed by any form type except `FileType`. Commits ------- 205a44e [Form] Filter file uploads out of regular form types
2 parents cb8302c + 205a44e commit b65e6f1


4 files changed

+27
-1
lines changed


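--- a/src/Symfony/Component/Form/Extension/Core/Type/FileType.php
+++ b/src/Symfony/Component/Form/Extension/Core/Type/FileType.php
@@ -105,6 +105,7 @@ public function configureOptions(OptionsResolver $resolver)
 'data_class' => $dataClass,
 'empty_data' => $emptyData,
 'multiple' => false,
+'allow_file_upload' => true,
 ));
 }
 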

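--- a/src/Symfony/Component/Form/Extension/Core/Type/FormType.php
+++ b/src/Symfony/Component/Form/Extension/Core/Type/FormType.php
@@ -213,6 +213,7 @@ public function configureOptions(OptionsResolver $resolver)
 'attr' => $defaultAttr,
 'post_max_size_message' => 'The uploaded file was too large. Please try to upload a smaller file.',
 'upload_max_size_message' => $uploadMaxSizeMessage, // internal
+'allow_file_upload' => false,
 ));
 
 $resolver->setAllowedTypes('label_attr', 'array');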
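Review bot: The new `'allow_file_upload' => false` default is registered without a type constraint, while the neighbouring option right below gets one via `setAllowedTypes('label_attr', 'array')`; a non-bool value such as the string `'false'` would pass the resolver and then be treated as truthy by the `getOption('allow_file_upload')` check in Form::submit, silently re-enabling the upload path for that type. Adding `$resolver->setAllowedTypes('allow_file_upload', 'bool');` next to the existing setAllowedTypes calls closes that gap. configureOptions continues outside the hunk.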

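--- a/src/Symfony/Component/Form/Form.php
+++ b/src/Symfony/Component/Form/Form.php
@@ -541,6 +541,11 @@ public function submit($submittedData, $clearMissing = true)
 $submittedData = null;
 } elseif (is_scalar($submittedData)) {
 $submittedData = (string) $submittedData;
+} elseif ($this->config->getOption('allow_file_upload')) {
+// no-op
+} elseif ($this->config->getRequestHandler()->isFileUpload($submittedData)) {
+$submittedData = null;
+$this->transformationFailure = new TransformationFailedException('Submitted data was expected to be text or number, file upload given.');
 }
 
 $dispatcher = $this->config->getEventDispatcher();
@@ -550,6 +555,10 @@ public function submit($submittedData, $clearMissing = true)
 $viewData = null;
 
 try {
+if (null !== $this->transformationFailure) {
+throw $this->transformationFailure;
+}
+
 // Hook to change content of the data submitted by the browser
 if ($dispatcher->hasListeners(FormEvents::PRE_SUBMIT)) {
 $event = new FormEvent($this, $submittedData);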
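Review bot: The new elseif in the first hunk calls `$this->config->getRequestHandler()->isFileUpload($submittedData)`, but none of the four files in this commit adds that method, so if `RequestHandlerInterface` on this branch does not already declare it, a custom handler implementing only the interface will fail with a fatal call on the first non-scalar submission — worth confirming before merge. The `// no-op` branch would read better with a why-comment, e.g. `// types that opted in (FileType) receive the uploaded file unchanged`. Since the stored failure is thrown at the top of the try block in the second hunk, before the PRE_SUBMIT hook, listeners on that event never see the rejected upload; a one-line comment above the throw saying so would save the next reader a trace. submit()'s body starts and ends outside the hunks shown.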

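--- a/src/Symfony/Component/Form/Tests/CompoundFormTest.php
+++ b/src/Symfony/Component/Form/Tests/CompoundFormTest.php
@@ -712,7 +712,7 @@ public function testSubmitPostOrPutRequestWithSingleChildForm($method)
 'REQUEST_METHOD' => $method,
 ));
 
-$form = $this->getBuilder('image')
+$form = $this->getBuilder('image', null, null, array('allow_file_upload' => true))
 ->setMethod($method)
 ->setRequestHandler(new HttpFoundationRequestHandler())
 ->getForm();
@@ -1088,6 +1088,21 @@ public function testDisabledButtonIsNotSubmitted()
 $this->assertFalse($submit->isSubmitted());
 }
 
+public function testFileUpload()
+{
+$reqHandler = new HttpFoundationRequestHandler();
+$this->form->add($this->getBuilder('foo')->setRequestHandler($reqHandler)->getForm());
+$this->form->add($this->getBuilder('bar')->setRequestHandler($reqHandler)->getForm());
+
+$this->form->submit(array(
+'foo' => 'Foo',
+'bar' => new UploadedFile(__FILE__, 'upload.png', 'image/png', 123, UPLOAD_ERR_OK),
+));
+
+$this->assertSame('Submitted data was expected to be text or number, file upload given.', $this->form->get('bar')->getTransformationFailure()->getMessage());
+$this->assertNull($this->form->get('bar')->getData());
+}
+
 protected function createForm()
 {
 return $this->getBuilder()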
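Review bot: testFileUpload asserts only the rejected child; adding `$this->assertSame('Foo', $this->form->get('foo')->getData());` would show that the failure is scoped to `bar` and the sibling text field is still bound normally. A companion assertion that `bar` is not synchronized, `$this->assertFalse($this->form->get('bar')->isSynchronized());`, would pin the observable state callers actually check rather than only the message text. The `UploadedFile` built from `__FILE__` with `UPLOAD_ERR_OK` is fine here since only the handler's classification is exercised, not the file contents.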
