Merge branch '4.3' into 4.4 · symfony/symfony@431a769 · GitHub

Commit 431a769

Merge branch '4.3' into 4.4
* 4.3: fix translation domain tag the FileType service as a form type don't validate IP addresses from env var placeholders [Validator] Fix GroupSequenceProvider annotation [Messenger] fix delay exchange recreation after disconnect Update ajax security cheat sheet link Fix AuthenticationException::getToken typehint
2 parents dca9325 + a25c2af commit 431a769


13 files changed

+61
-45
lines changed


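--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
@@ -71,6 +71,7 @@
 <argument type="service" id="form.choice_list_factory"/>
 </service>
 <service id="form.type.file" class="Symfony\Component\Form\Extension\Core\Type\FileType" public="true">
+<tag name="form.type" />
 <argument type="service" id="translator" on-invalid="ignore" />
 </service>
 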

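--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -143,15 +143,6 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode)
 ->integerNode('port')->defaultNull()->end()
 ->arrayNode('ips')
 ->beforeNormalization()->ifString()->then(function ($v) { return [$v]; })->end()
-->beforeNormalization()->always()->then(function ($v) {
-foreach ($v as $ip) {
-if (false === $this->isValidIp($ip)) {
-throw new \LogicException(sprintf('The given "%s" value in the "access_control" config option is not a valid IP address.', $ip));
-}
-}
-
-return $v;
-})->end()
 ->prototype('scalar')->end()
 ->end()
 ->arrayNode('methods')
@@ -432,30 +423,4 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)
 ->end()
 ;
 }
-
-private function isValidIp(string $cidr): bool
-{
-$cidrParts = explode('/', $cidr);
-
-if (1 === \count($cidrParts)) {
-return false !== filter_var($cidrParts[0], FILTER_VALIDATE_IP);
-}
-
-$ip = $cidrParts[0];
-$netmask = $cidrParts[1];
-
-if (!ctype_digit($netmask)) {
-return false;
-}
-
-if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
-return $netmask <= 32;
-}
-
-if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
-return $netmask <= 128;
-}
-
-return false;
-}
 }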

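--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -731,20 +731,32 @@ private function createExpression($container, $expression)
 return $this->expressions[$id] = new Reference($id);
 }
 
-private function createRequestMatcher($container, $path = null, $host = null, int $port = null, $methods = [], $ip = null, array $attributes = [])
+private function createRequestMatcher(ContainerBuilder $container, $path = null, $host = null, int $port = null, $methods = [], array $ips = null, array $attributes = [])
 {
 if ($methods) {
 $methods = array_map('strtoupper', (array) $methods);
 }
 
-$id = '.security.request_matcher.'.ContainerBuilder::hash([$path, $host, $port, $methods, $ip, $attributes]);
+if (null !== $ips) {
+foreach ($ips as $ip) {
+$container->resolveEnvPlaceholders($ip, null, $usedEnvs);
+
+if (!$usedEnvs && !$this->isValidIp($ip)) {
+throw new \LogicException(sprintf('The given value "%s" in the "security.access_control" config option is not a valid IP address.', $ip));
+}
+
+$usedEnvs = null;
+}
+}
+
+$id = '.security.request_matcher.'.ContainerBuilder::hash([$path, $host, $port, $methods, $ips, $attributes]);
 
 if (isset($this->requestMatchers[$id])) {
 return $this->requestMatchers[$id];
 }
 
 // only add arguments that are necessary
-$arguments = [$path, $host, $methods, $ip, $attributes, null, $port];
+$arguments = [$path, $host, $methods, $ips, $attributes, null, $port];
 while (\count($arguments) > 0 && !end($arguments)) {
 array_pop($arguments);
 }
@@ -788,4 +800,30 @@ public function getConfiguration(array $config, ContainerBuilder $container)
 // first assemble the factories
 return new MainConfiguration($this->factories, $this->userProviderFactories);
 }
+
+private function isValidIp(string $cidr): bool
+{
+$cidrParts = explode('/', $cidr);
+
+if (1 === \count($cidrParts)) {
+return false !== filter_var($cidrParts[0], FILTER_VALIDATE_IP);
+}
+
+$ip = $cidrParts[0];
+$netmask = $cidrParts[1];
+
+if (!ctype_digit($netmask)) {
+return false;
+}
+
+if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+return $netmask <= 32;
+}
+
+if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+return $netmask <= 128;
+}
+
+return false;
+}
 }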
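Review bot: `isValidIp()` in the second hunk accepts a value with more than one slash, because `explode('/', $cidr)` is unbounded and only `$cidrParts[0]` and `$cidrParts[1]` are inspected, so a constructed value such as `203.0.113.0/24/x` passes the compile-time check. Bounding the split, `$cidrParts = explode('/', $cidr, 2);`, leaves the surplus in `$netmask`, where the existing `ctype_digit()` test rejects it. The method is moved unchanged from MainConfiguration.php, so this predates the commit. Separately, in `createRequestMatcher()` any entry containing an env placeholder skips validation, and nothing visible in this section checks the value once it is resolved at runtime. A comment above the `if (!$usedEnvs && ...)` line, for example `// values with env placeholders are only known at runtime and are not validated here`, would record that; the body of `createRequestMatcher()` continues past the end of its hunk.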

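--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/config/routing.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/config/routing.yml
@@ -40,6 +40,12 @@ secured-by-one-real-ip-with-mask:
 secured-by-one-real-ipv6:
 path: /secured-by-one-real-ipv6
 
+secured-by-one-env-placeholder:
+path: /secured-by-one-env-placeholder
+
+secured-by-one-env-placeholder-and-one-real-ip:
+path: /secured-by-one-env-placeholder-and-one-real-ip
+
 form_logout:
 path: /logout_path
 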

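--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php
@@ -109,7 +109,7 @@ public function testSecurityConfigurationForExpression($config)
 public function testInvalidIpsInAccessControl()
 {
 $this->expectException(\LogicException::class);
-$this->expectExceptionMessage('The given "256.357.458.559" value in the "access_control" config option is not a valid IP address.');
+$this->expectExceptionMessage('The given value "256.357.458.559" in the "security.access_control" config option is not a valid IP address.');
 
 $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml']);
 $client->request('GET', '/unprotected_resource');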

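--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml
@@ -1,6 +1,9 @@
 imports:
 - { resource: ./../config/default.yml }
 
+parameters:
+env(APP_IP): '127.0.0.1'
+
 security:
 encoders:
 Symfony\Component\Security\Core\User\User: plaintext
@@ -43,6 +46,8 @@ security:
 - { path: ^/secured-by-one-real-ip$, ips: 198.51.100.0, roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/secured-by-one-real-ip-with-mask$, ips: '203.0.113.0/24', roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/secured-by-one-real-ipv6$, ips: 0:0:0:0:0:ffff:c633:6400, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+- { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
+- { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
 - { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
 - { path: .*, roles: IS_AUTHENTICATED_FULLY }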

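--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml
@@ -19,4 +19,4 @@ security:
 
 access_control:
 # the '256.357.458.559' IP is wrong on purpose, to check invalid IP errors
-- { path: ^/unprotected_resource$, ips: [1.1.1.1, 256.357.458.559], roles: IS_AUTHENTICATED_ANONYMOUSLY }
+- { path: ^/unprotected_resource$, ips: [1.1.1.1, '%env(APP_IP)%', 256.357.458.559], roles: IS_AUTHENTICATED_ANONYMOUSLY }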

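--- a/src/Symfony/Component/Form/Extension/Core/Type/FileType.php
+++ b/src/Symfony/Component/Form/Extension/Core/Type/FileType.php
@@ -166,7 +166,7 @@ private function getFileUploadError($errorCode)
 }
 
 if (null !== $this->translator) {
-$message = $this->translator->trans($messageTemplate, $messageParameters);
+$message = $this->translator->trans($messageTemplate, $messageParameters, 'validators');
 } else {
 $message = strtr($messageTemplate, $messageParameters);
 }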

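--- a/src/Symfony/Component/HttpFoundation/JsonResponse.php
+++ b/src/Symfony/Component/HttpFoundation/JsonResponse.php
@@ -18,7 +18,7 @@
 * object. It is however recommended that you do return an object as it
 * protects yourself against XSSI and JSON-JavaScript Hijacking.
 *
-* @see https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_return_JSON_with_an_Object_on_the_outside
+* @see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/AJAX_Security_Cheat_Sheet.md#always-return-json-with-an-object-on-the-outside
 *
 * @author Igor Wiedler <igor@wiedler.ch>
 */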

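--- a/src/Symfony/Component/Messenger/Transport/AmqpExt/Connection.php
+++ b/src/Symfony/Component/Messenger/Transport/AmqpExt/Connection.php
@@ -430,6 +430,7 @@ private function clear(): void
 $this->amqpChannel = null;
 $this->amqpQueues = [];
 $this->amqpExchange = null;
+$this->amqpDelayExchange = null;
 }
 
 private function shouldSetup(): bool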

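--- a/src/Symfony/Component/Security/Core/Exception/AuthenticationException.php
+++ b/src/Symfony/Component/Security/Core/Exception/AuthenticationException.php
@@ -26,7 +26,7 @@ class AuthenticationException extends RuntimeException
 /**
 * Get the token.
 *
-* @return TokenInterface
+* @return TokenInterface|null
 */
 public function getToken()
 {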

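--- a/src/Symfony/Component/Validator/Constraints/GroupSequence.php
+++ b/src/Symfony/Component/Validator/Constraints/GroupSequence.php
@@ -57,7 +57,7 @@ class GroupSequence
 /**
 * The groups in the sequence.
 *
-* @var string[]|array[]|GroupSequence[]
+* @var string[]|string[][]|GroupSequence[]
 */
 public $groups;
 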

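--- a/src/Symfony/Component/Validator/GroupSequenceProviderInterface.php
+++ b/src/Symfony/Component/Validator/GroupSequenceProviderInterface.php
@@ -22,7 +22,7 @@ interface GroupSequenceProviderInterface
 * Returns which validation groups should be used for a certain state
 * of the object.
 *
-* @return string[]|GroupSequence An array of validation groups
+* @return string[]|string[][]|GroupSequence An array of validation groups
 */
 public function getGroupSequence();
 }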
