symfony
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md
Lines changed: 1 addition & 1 deletion b/‎.github/PULL_REQUEST_TEMPLATE.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/form_csrf.xml
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/form_csrf.xml
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/Cache/Adapter/AbstractAdapter.php
Lines changed: 43 additions & 3 deletions b/‎src/Symfony/Component/Cache/Adapter/AbstractAdapter.php
Lines changed: 43 additions & 3 deletions
diff --git a/‎src/Symfony/Component/Cache/Adapter/ApcuAdapter.php
Lines changed: 5 additions & 1 deletion b/‎src/Symfony/Component/Cache/Adapter/ApcuAdapter.php
Lines changed: 5 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Cache/Adapter/ArrayAdapter.php
Lines changed: 35 additions & 11 deletions b/‎src/Symfony/Component/Cache/Adapter/ArrayAdapter.php
Lines changed: 35 additions & 11 deletions
diff --git a/‎src/Symfony/Component/Cache/Adapter/DoctrineAdapter.php
Lines changed: 19 additions & 1 deletion b/‎src/Symfony/Component/Cache/Adapter/DoctrineAdapter.php
Lines changed: 19 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Cache/Adapter/FilesystemAdapter.php
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/Cache/Adapter/FilesystemAdapter.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Cache/Adapter/PhpArrayAdapter.php
Lines changed: 24 additions & 8 deletions b/‎src/Symfony/Component/Cache/Adapter/PhpArrayAdapter.php
Lines changed: 24 additions & 8 deletions
diff --git a/‎src/Symfony/Component/Cache/Adapter/RedisAdapter.php
Lines changed: 1 addition & 5 deletions b/‎src/Symfony/Component/Cache/Adapter/RedisAdapter.php
Lines changed: 1 addition & 5 deletions
diff --git a/‎src/Symfony/Component/Cache/Tests/Adapter/AdapterTestCase.php
Lines changed: 38 additions & 0 deletions b/‎src/Symfony/Component/Cache/Tests/Adapter/AdapterTestCase.php
Lines changed: 38 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Cache/Tests/Adapter/DoctrineAdapterTest.php
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Component/Cache/Tests/Adapter/DoctrineAdapterTest.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/Config/Definition/Builder/NodeBuilder.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Config/Definition/Builder/NodeBuilder.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Config/Definition/Builder/NodeDefinition.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Config/Definition/Builder/NodeDefinition.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/DependencyInjection/Compiler/AutowirePass.php
Lines changed: 9 additions & 15 deletions b/‎src/Symfony/Component/DependencyInjection/Compiler/AutowirePass.php
Lines changed: 9 additions & 15 deletions
@@ -1,6 +1,6 @@
 | Q             | A
 | ------------- | ---
-| Branch?       | "master" for new features / 2.7, 2.8, 3.0 or 3.1 for fixes
+| Branch?       | "master" for new features / 2.7, 2.8 or 3.1 for fixes
 | Bug fix?      | yes/no
 | New feature?  | yes/no
 | BC breaks?    | yes/no
 
@@ -12,6 +12,7 @@
             <argument>%form.type_extension.csrf.field_name%</argument>
             <argument type="service" id="translator.default" />
             <argument>%validator.translation_domain%</argument>
+            <argument type="service" id="form.server_params" />
         </service>
     </services>
 </container>
@@ -370,6 +370,33 @@ public function __destruct()
         }
     }
 
+    /**
+     * Like the native unserialize() function but throws an exception if anything goes wrong.
+     *
+     * @param string $value
+     *
+     * @return mixed
+     *
+     * @throws \Exception
+     */
+    protected static function unserialize($value)
+    {
+        if ('b:0;' === $value) {
+            return false;
+        }
+        $unserializeCallbackHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback');
+        try {
+            if (false !== $value = unserialize($value)) {
+                return $value;
+            }
+            throw new \DomainException('Failed to unserialize cached value');
+        } catch (\Error $e) {
+            throw new \ErrorException($e->getMessage(), $e->getCode(), E_ERROR, $e->getFile(), $e->getLine());
+        } finally {
+            ini_set('unserialize_callback_func', $unserializeCallbackHandler);
+        }
+    }
+
     private function getId($key)
     {
         CacheItem::validateKey($key);
@@ -381,13 +408,26 @@ private function generateItems($items, &$keys)
     {
         $f = $this->createCacheItem;
 
-        foreach ($items as $id => $value) {
-            yield $keys[$id] => $f($keys[$id], $value, true);
-            unset($keys[$id]);
+        try {
+            foreach ($items as $id => $value) {
+                $key = $keys[$id];
+                unset($keys[$id]);
+                yield $key => $f($key, $value, true);
+            }
+        } catch (\Exception $e) {
+            CacheItem::log($this->logger, 'Failed to fetch requested items', array('keys' => array_values($keys), 'exception' => $e));
         }
 
         foreach ($keys as $key) {
             yield $key => $f($key, null, false);
         }
     }
+
+    /**
+     * @internal
+     */
+    public static function handleUnserializeCallback($class)
+    {
+        throw new \DomainException('Class not found: '.$class);
+    }
 }
@@ -49,7 +49,11 @@ public function __construct($namespace = '', $defaultLifetime = 0, $version = nu
      */
     protected function doFetch(array $ids)
     {
-        return apcu_fetch($ids);
+        try {
+            return apcu_fetch($ids);
+        } catch (\Error $e) {
+            throw new \ErrorException($e->getMessage(), $e->getCode(), E_ERROR, $e->getFile(), $e->getLine());
+        }
     }
 
     /**
 
@@ -55,12 +55,22 @@ function ($key, $value, $isHit) use ($defaultLifetime) {
      */
     public function getItem($key)
     {
-        if (!$isHit = $this->hasItem($key)) {
+        $isHit = $this->hasItem($key);
+        try {
+            if (!$isHit) {
+                $this->values[$key] = $value = null;
+            } elseif (!$this->storeSerialized) {
+                $value = $this->values[$key];
+            } elseif ('b:0;' === $value = $this->values[$key]) {
+                $value = false;
+            } elseif (false === $value = unserialize($value)) {
+                $value = null;
+                $isHit = false;
+            }
+        } catch (\Exception $e) {
+            CacheItem::log($this->logger, 'Failed to unserialize key "{key}"', array('key' => $key, 'exception' => $e));
             $this->values[$key] = $value = null;
-        } elseif ($this->storeSerialized) {
-            $value = unserialize($this->values[$key]);
-        } else {
-            $value = $this->values[$key];
+            $isHit = false;
         }
         $f = $this->createCacheItem;
 
@@ -191,16 +201,30 @@ private function generateItems(array $keys, $now)
     {
         $f = $this->createCacheItem;
 
-        foreach ($keys as $key) {
-            if (!$isHit = isset($this->expiries[$key]) && ($this->expiries[$key] >= $now || !$this->deleteItem($key))) {
+        foreach ($keys as $i => $key) {
+            try {
+                if (!$isHit = isset($this->expiries[$key]) && ($this->expiries[$key] >= $now || !$this->deleteItem($key))) {
+                    $this->values[$key] = $value = null;
+                } elseif (!$this->storeSerialized) {
+                    $value = $this->values[$key];
+                } elseif ('b:0;' === $value = $this->values[$key]) {
+                    $value = false;
+                } elseif (false === $value = unserialize($value)) {
+                    $value = null;
+                    $isHit = false;
+                }
+            } catch (\Exception $e) {
+                CacheItem::log($this->logger, 'Failed to unserialize key "{key}"', array('key' => $key, 'exception' => $e));
                 $this->values[$key] = $value = null;
-            } elseif ($this->storeSerialized) {
-                $value = unserialize($this->values[$key]);
-            } else {
-                $value = $this->values[$key];
+                $isHit = false;
             }
+            unset($keys[$i]);
 
             yield $key => $f($key, $value, $isHit);
         }
+
+        foreach ($keys as $key) {
+            yield $key => $f($key, null, false);
+        }
     }
 }
@@ -32,7 +32,25 @@ public function __construct(CacheProvider $provider, $namespace = '', $defaultLi
      */
     protected function doFetch(array $ids)
     {
-        return $this->provider->fetchMultiple($ids);
+        $unserializeCallbackHandler = ini_set('unserialize_callback_func', parent::class.'::handleUnserializeCallback');
+        try {
+            return $this->provider->fetchMultiple($ids);
+        } catch (\Error $e) {
+            $trace = $e->getTrace();
+
+            if (isset($trace[0]['function']) && !isset($trace[0]['class'])) {
+                switch ($trace[0]['function']) {
+                    case 'unserialize':
+                    case 'apcu_fetch':
+                    case 'apc_fetch':
+                        throw new \ErrorException($e->getMessage(), $e->getCode(), E_ERROR, $e->getFile(), $e->getLine());
+                }
+            }
+
+            throw $e;
+        } finally {
+            ini_set('unserialize_callback_func', $unserializeCallbackHandler);
+        }
     }
 
     /**
 
@@ -34,7 +34,7 @@ protected function doFetch(array $ids)
 
         foreach ($ids as $id) {
             $file = $this->getFile($id);
-            if (!$h = @fopen($file, 'rb')) {
+            if (!file_exists($file) || !$h = @fopen($file, 'rb')) {
                 continue;
             }
             if ($now >= (int) $expiresAt = fgets($h)) {
@@ -47,7 +47,7 @@ protected function doFetch(array $ids)
                 $value = stream_get_contents($h);
                 fclose($h);
                 if ($i === $id) {
-                    $values[$id] = unserialize($value);
+                    $values[$id] = parent::unserialize($value);
                 }
             }
         }
 
@@ -39,11 +39,11 @@ public function __construct($file, AdapterInterface $fallbackPool)
         $this->file = $file;
         $this->fallbackPool = $fallbackPool;
         $this->createCacheItem = \Closure::bind(
-            function ($key, $value) {
+            function ($key, $value, $isHit) {
                 $item = new CacheItem();
                 $item->key = $key;
                 $item->value = $value;
-                $item->isHit = true;
+                $item->isHit = $isHit;
 
                 return $item;
             },
@@ -176,16 +176,26 @@ public function getItem($key)
         }
 
         $value = $this->values[$key];
+        $isHit = true;
 
         if ('N;' === $value) {
             $value = null;
         } elseif (is_string($value) && isset($value[2]) && ':' === $value[1]) {
-            $value = unserialize($value);
+            try {
+                $e = null;
+                $value = unserialize($value);
+            } catch (\Error $e) {
+            } catch (\Exception $e) {
+            }
+            if (null !== $e) {
+                $value = null;
+                $isHit = false;
+            }
         }
 
         $f = $this->createCacheItem;
 
-        return $f($key, $value);
+        return $f($key, $value, $isHit);
     }
 
     /**
@@ -338,12 +348,18 @@ private function generateItems(array $keys)
                 $value = $this->values[$key];
 
                 if ('N;' === $value) {
-                    $value = null;
+                    yield $key => $f($key, null, true);
                 } elseif (is_string($value) && isset($value[2]) && ':' === $value[1]) {
-                    $value = unserialize($value);
+                    try {
+                        yield $key => $f($key, unserialize($value), true);
+                    } catch (\Error $e) {
+                        yield $key => $f($key, null, false);
+                    } catch (\Exception $e) {
+                        yield $key => $f($key, null, false);
+                    }
+                } else {
+                    yield $key => $f($key, $value, true);
                 }
-
-                yield $key => $f($key, $value);
             } else {
                 $fallbackKeys[] = $key;
             }
 
@@ -134,19 +134,15 @@ public static function createConnection($dsn, array $options = array())
      */
     protected function doFetch(array $ids)
     {
-        $result = array();
-
         if ($ids) {
             $values = $this->redis->mGet($ids);
             $index = 0;
             foreach ($ids as $id) {
                 if ($value = $values[$index++]) {
-                    $result[$id] = unserialize($value);
+                    yield $id => parent::unserialize($value);
                 }
             }
         }
-
-        return $result;
     }
 
     /**
 
@@ -46,4 +46,42 @@ public function testDefaultLifeTime()
         $item = $cache->getItem('key.dlt');
         $this->assertFalse($item->isHit());
     }
+
+    public function testNotUnserializable()
+    {
+        if (isset($this->skippedTests[__FUNCTION__])) {
+            $this->markTestSkipped($this->skippedTests[__FUNCTION__]);
+
+            return;
+        }
+
+        $cache = $this->createCachePool();
+
+        $item = $cache->getItem('foo');
+        $cache->save($item->set(new NotUnserializable()));
+
+        $item = $cache->getItem('foo');
+        $this->assertFalse($item->isHit());
+
+        foreach ($cache->getItems(array('foo')) as $item) {
+        }
+        $cache->save($item->set(new NotUnserializable()));
+
+        foreach ($cache->getItems(array('foo')) as $item) {
+        }
+        $this->assertFalse($item->isHit());
+    }
+}
+
+class NotUnserializable implements \Serializable
+{
+    public function serialize()
+    {
+        return serialize(123);
+    }
+
+    public function unserialize($ser)
+    {
+        throw new \Exception(__CLASS__);
+    }
 }
@@ -22,6 +22,7 @@ class DoctrineAdapterTest extends AdapterTestCase
     protected $skippedTests = array(
         'testDeferredSaveWithoutCommit' => 'Assumes a shared cache which ArrayCache is not.',
         'testSaveWithoutExpire' => 'Assumes a shared cache which ArrayCache is not.',
+        'testNotUnserializable' => 'ArrayCache does not use serialize/unserialize',
     );
 
     public function createCachePool($defaultLifetime = 0)
 
@@ -138,7 +138,7 @@ public function variableNode($name)
     /**
      * Returns the parent node.
      *
-     * @return ParentNodeDefinitionInterface The parent node
+     * @return ParentNodeDefinitionInterface|NodeDefinition The parent node
      */
     public function end()
     {
 
@@ -107,7 +107,7 @@ public function attribute($key, $value)
     /**
      * Returns the parent node.
      *
-     * @return NodeParentInterface|null The builder of the parent node
+     * @return NodeParentInterface|NodeBuilder|NodeDefinition|null The builder of the parent node
      */
     public function end()
     {
 
@@ -45,21 +45,15 @@ public function process(ContainerBuilder $container)
                     $this->completeDefinition($id, $definition);
                 }
             }
-        } catch (\Exception $e) {
-        } catch (\Throwable $e) {
-        }
-
-        spl_autoload_unregister($throwingAutoloader);
-
-        // Free memory and remove circular reference to container
-        $this->container = null;
-        $this->reflectionClasses = array();
-        $this->definedTypes = array();
-        $this->types = null;
-        $this->ambiguousServiceTypes = array();
-
-        if (isset($e)) {
-            throw $e;
+        } finally {
+            spl_autoload_unregister($throwingAutoloader);
+
+            // Free memory and remove circular reference to container
+            $this->container = null;
+            $this->reflectionClasses = array();
+            $this->definedTypes = array();
+            $this->types = null;
+            $this->ambiguousServiceTypes = array();
         }
     }
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,11 @@ public function __construct($namespace = '', $defaultLifetime = 0, $version = nu`
`49`	`49`	`*/`
`50`	`50`	`protected function doFetch(array $ids)`
`51`	`51`	`{`
`52`		`- return apcu_fetch($ids);`
	`52`	`+ try {`
F438	`53`	`+ return apcu_fetch($ids);`
	`54`	`+ } catch (\Error $e) {`
	`55`	`+ throw new \ErrorException($e->getMessage(), $e->getCode(), E_ERROR, $e->getFile(), $e->getLine());`
	`56`	`+ }`
`53`	`57`	`}`
`54`	`58`
`55`	`59`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ protected function doFetch(array $ids)`
`34`	`34`
`35`	`35`	`foreach ($ids as $id) {`
`36`	`36`	`$file = $this->getFile($id);`
`37`		`- if (!$h = @fopen($file, 'rb')) {`
	`37`	`+ if (!file_exists($file) \|\| !$h = @fopen($file, 'rb')) {`
`38`	`38`	`continue;`
`39`	`39`	`}`
`40`	`40`	`if ($now >= (int) $expiresAt = fgets($h)) {`
`@@ -47,7 +47,7 @@ protected function doFetch(array $ids)`
`47`	`47`	`$value = stream_get_contents($h);`
`48`	`48`	`fclose($h);`
`49`	`49`	`if ($i === $id) {`
`50`		`- $values[$id] = unserialize($value);`
	`50`	`+ $values[$id] = parent::unserialize($value);`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -134,19 +134,15 @@ public static function createConnection($dsn, array $options = array())`
`134`	`134`	`*/`
`135`	`135`	`protected function doFetch(array $ids)`
`136`	`136`	`{`
`137`		`- $result = array();`
`138`		`-`
`139`	`137`	`if ($ids) {`
`140`	`138`	`$values = $this->redis->mGet($ids);`
`141`	`139`	`$index = 0;`
`142`	`140`	`foreach ($ids as $id) {`
`143`	`141`	`if ($value = $values[$index++]) {`
`144`		`- $result[$id] = unserialize($value);`
	`142`	`+ yield $id => parent::unserialize($value);`
`145`	`143`	`}`
`146`	`144`	`}`
`147`	`145`	`}`
`148`		`-`
`149`		`- return $result;`
`150`	`146`	`}`
`151`	`147`
`152`	`148`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ public function variableNode($name)`
`138`	`138`	`/**`
`139`	`139`	`* Returns the parent node.`
`140`	`140`	`*`
`141`		`- * @return ParentNodeDefinitionInterface The parent node`
	`141`	`+ * @return ParentNodeDefinitionInterface\|NodeDefinition The parent node`
`142`	`142`	`*/`
`143`	`143`	`public function end()`
`144`	`144`	`{`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ public function attribute($key, $value)`
`107`	`107`	`/**`
`108`	`108`	`* Returns the parent node.`
`109`	`109`	`*`
`110`		`- * @return NodeParentInterface\|null The builder of the parent node`
	`110`	`+ * @return NodeParentInterface\|NodeBuilder\|NodeDefinition\|null The builder of the parent node`
`111`	`111`	`*/`
`112`	`112`	`public function end()`
`113`	`113`	`{`