8000 [HttpFoundation] Deprecate passing `referer_check`, `use_only_cookies… · symfony/symfony@1c95d62 · GitHub
[go: up one dir, main page]
Skip to content

Commit 1c95d62

Browse files
alexandre-dauboisalexandre-daubois
committed
[HttpFoundation] Deprecate passing referer_check, use_only_cookies, use_trans_sid, trans_sid_hosts and trans_sid_tags options to NativeSessionStorage 
1 parent 44395ab commit 1c95d62

File tree

6 files changed

+40
-9
lines changed

6 files changed

+40
-9
lines changed

UPGRADE-7.2.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,11 @@ FrameworkBundle
2929

3030
* [BC BREAK] The `secrets:decrypt-to-local` command terminates with a non-zero exit code when a secret could not be read
3131

32+
HttpFoundation
33+
--------------
34+
35+
* Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts` and `trans_sid_tags` options to `NativeSessionStorage`
36+
3237
Ldap
3338
----
3439

src/Symfony/Component/HttpFoundation/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ CHANGELOG
77
* Add optional `$requests` parameter to `RequestStack::__construct()`
88
* Add optional `$v4Bytes` and `$v6Bytes` parameters to `IpUtils::anonymize()`
99
* Add `PRIVATE_SUBNETS` as a shortcut for private IP address ranges to `Request::setTrustedProxies()`
10+
* Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts` and `trans_sid_tags` options to `NativeSessionStorage`
1011

1112
7.1
1213
---

src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -62,16 +62,16 @@ class NativeSessionStorage implements SessionStorageInterface
6262
* gc_probability, "1"
6363
* lazy_write, "1"
6464
* name, "PHPSESSID"
65-
* referer_check, ""
65+
* referer_check, "" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
6666
* serialize_handler, "php"
6767
* use_strict_mode, "1"
6868
* use_cookies, "1"
69-
* use_only_cookies, "1"
70-
* use_trans_sid, "0"
69+
* use_only_cookies, "1" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
70+
* use_trans_sid, "0" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
7171
* sid_length, "32"
7272
* sid_bits_per_character, "5"
73-
* trans_sid_hosts, $_SERVER['HTTP_HOST']
74-
* trans_sid_tags, "a=href,area=href,frame=src,form="
73+
* trans_sid_hosts, $_SERVER['HTTP_HOST'] (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
74+
* trans_sid_tags, "a=href,area=href,frame=src,form=" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
7575
*/
7676
public function __construct(array $options = [], AbstractProxy|\SessionHandlerInterface|null $handler = null, ?MetadataBag $metaBag = null)
7777
{
@@ -328,6 +328,10 @@ public function setOptions(array $options): void
328328
]);
329329

330330
foreach ($options as $key => $value) {
331+
if (\in_array($key, ['referer_check', 'use_only_cookies', 'use_trans_sid', 'trans_sid_hosts', 'trans_sid_tags'], true)) {
332+
trigger_deprecation('symfony/http-foundation', '7.2', 'NativeSessionStorage\'s "%s" option is deprecated and will be ignored in Symfony 8.0.', $key);
333+
}
334+
331335
if (isset($validOptions[$key])) {
332336
if ('cookie_secure' === $key && 'auto' === $value) {
333337
continue;

src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/common.inc

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,6 @@ ini_set('session.cookie_domain', '');
2828
ini_set('session.cookie_secure', '');
2929
ini_set('session.cookie_httponly', '');
3030
ini_set('session.use_cookies', 1);
31-
ini_set('session.use_only_cookies', 1);
3231
ini_set('session.cache_expire', 180);
3332
ini_set('session.cookie_path', '/');
3433
ini_set('session.cookie_domain', '');

src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php

Lines changed: 23 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespace Symfony\Component\HttpFoundation\Tests\Session\Storage;
1313

1414
use PHPUnit\Framework\TestCase;
15+
use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
1516
use Symfony\Component\HttpFoundation\Session 57A6 \Attribute\AttributeBag;
1617
use Symfony\Component\HttpFoundation\Session\Flash\FlashBag;
1718
use Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeFileSessionHandler;
@@ -32,6 +33,8 @@
3233
*/
3334
class NativeSessionStorageTest extends TestCase
3435
{
36+
use ExpectDeprecationTrait;
37+
3538
private string $savePath;
3639

3740
private $initialSessionSaveHandler;
@@ -206,13 +209,11 @@ public function testCookieOptions()
206209
public function testSessionOptions()
207210
{
208211
$options = [
209-
'trans_sid_tags' => 'a=href',
210212
'cache_expire' => '200',
211213
];
212214

213215
$this->getStorage($options);
214216

215-
$this->assertSame('a=href', \ini_get('session.trans_sid_tags'));
216217
$this->assertSame('200', \ini_get('session.cache_expire'));
217218
}
218219

@@ -337,4 +338,24 @@ public function testSaveHandlesNullSessionGracefully()
337338

338339
$this->addToAssertionCount(1);
339340
}
341+
342+
/**
343+
* @group legacy
344+
*/
345+
public function testPassingDeprecatedOptions()
346+
{
347+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "referer_check" option is deprecated and will be ignored in Symfony 8.0.');
348+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "use_only_cookies" option is deprecated and will be ignored in Symfony 8.0.');
349+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "use_trans_sid" option is deprecated and will be ignored in Symfony 8.0.');
350+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "trans_sid_hosts" option is deprecated and will be ignored in Symfony 8.0.');
351+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "trans_sid_tags" option is deprecated and will be ignored in Symfony 8.0.');
352+
353+
$this->getStorage([
354+
'referer_check' => 'foo',
355+
'use_only_cookies' => 'foo',
356+
'use_trans_sid' => 'foo',
357+
'trans_sid_hosts' => 'foo',
358+
'trans_sid_tags' => 'foo',
359+
]);
360+
}
340361
}

src/Symfony/Component/HttpFoundation/composer.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,8 @@
1818
"require": {
1919
"php": ">=8.2",
2020
"symfony/polyfill-mbstring": "~1.1",
21-
"symfony/polyfill-php83": "^1.27"
21+
"symfony/polyfill-php83": "^1.27",
22+
"symfony/deprecation-contracts": "^2.5|^3.0"
2223
},
2324
"require-dev": {
2425
"doctrine/dbal": "^3.6|^4",

0 commit comments

Comments
 (0)
0