symfony
diff --git a/‎appveyor.yml
Lines changed: 1 addition & 0 deletions b/‎appveyor.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Request.php
Lines changed: 13 additions & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Request.php
Lines changed: 13 additions & 1 deletion
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
Lines changed: 11 additions & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
Lines changed: 11 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php
Lines changed: 5 additions & 5 deletions b/‎src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php
Lines changed: 5 additions & 5 deletions
diff --git a/‎src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php
Lines changed: 24 additions & 0 deletions b/‎src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php
Lines changed: 24 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php
Lines changed: 11 additions & 0 deletions b/‎src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php
Lines changed: 11 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/ContextListener.php
Lines changed: 3 additions & 5 deletions b/‎src/Symfony/Component/Security/Http/Firewall/ContextListener.php
Lines changed: 3 additions & 5 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
Lines changed: 10 additions & 7 deletions b/‎src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
Lines changed: 10 additions & 7 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
Lines changed: 9 additions & 6 deletions b/‎src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
Lines changed: 9 additions & 6 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
Lines changed: 32 additions & 0 deletions b/‎src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
Lines changed: 32 additions & 0 deletions
@@ -31,6 +31,7 @@ install:
     - 7z x php_memcache-3.0.8-5.3-nts-vc9-x86.zip -y >nul
     - cd ..
     - copy /Y php.ini-development php.ini-min
+    - echo memory_limit=-1 >> php.ini-min
     - echo serialize_precision=14 >> php.ini-min
     - echo max_execution_time=1200 >> php.ini-min
     - echo date.timezone="America/Los_Angeles" >> php.ini-min
 
@@ -505,9 +505,21 @@ public function __toString()
             return trigger_error($e, E_USER_ERROR);
         }
 
+        $cookieHeader = '';
+        $cookies = array();
+
+        foreach ($this->cookies as $k => $v) {
+            $cookies[] = $k.'='.$v;
+        }
+
+        if (!empty($cookies)) {
+            $cookieHeader = 'Cookie: '.implode('; ', $cookies)."\r\n";
+        }
+
         return
             sprintf('%s %s %s', $this->getMethod(), $this->getRequestUri(), $this->server->get('SERVER_PROTOCOL'))."\r\n".
-            $this->headers."\r\n".
+            $this->headers.
+            $cookieHeader."\r\n".
             $content;
     }
 
 
@@ -1454,8 +1454,18 @@ public function testToString()
         $request = new Request();
 
         $request->headers->set('Accept-language', 'zh, en-us; q=0.8, en; q=0.6');
+        $request->cookies->set('Foo', 'Bar');
 
-        $this->assertContains('Accept-Language: zh, en-us; q=0.8, en; q=0.6', $request->__toString());
+        $asString = (string) $request;
+
+        $this->assertContains('Accept-Language: zh, en-us; q=0.8, en; q=0.6', $asString);
+        $this->assertContains('Cookie: Foo=Bar', $asString);
+
+        $request->cookies->set('Another', 'Cookie');
+
+        $asString = (string) $request;
+
+        $this->assertContains('Cookie: Foo=Bar; Another=Cookie', $asString);
     }
 
     public function testIsMethod()
 
@@ -107,22 +107,22 @@ protected function findClass($file)
             }
 
             if (T_CLASS === $token[0]) {
-                // Skip usage of ::class constant
-                $isClassConstant = false;
+                // Skip usage of ::class constant and anonymous classes
+                $skipClassToken = false;
                 for ($j = $i - 1; $j > 0; --$j) {
                     if (!isset($tokens[$j][1])) {
                         break;
                     }
 
-                    if (T_DOUBLE_COLON === $tokens[$j][0]) {
-                        $isClassConstant = true;
+                    if (T_DOUBLE_COLON === $tokens[$j][0] || T_NEW === $tokens[$j][0]) {
+                        $skipClassToken = true;
                         break;
                     } elseif (!in_array($tokens[$j][0], array(T_WHITESPACE, T_DOC_COMMENT, T_COMMENT))) {
                         break;
                     }
                 }
 
-                if (!$isClassConstant) {
+                if (!$skipClassToken) {
                     $class = true;
                 }
             }
 
@@ -0,0 +1,24 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Routing\Tests\Fixtures\OtherAnnotatedClasses;
+
+trait AnonymousClassInTrait
+{
+    public function test()
+    {
+        return new class() {
+            public function foo()
+            {
+            }
+        };
+    }
+}
@@ -58,6 +58,17 @@ public function testLoadVariadic()
         $this->loader->load(__DIR__.'/../Fixtures/OtherAnnotatedClasses/VariadicClass.php');
     }
 
+    /**
+     * @requires PHP 7.0
+     */
+    public function testLoadAnonymousClass()
+    {
+        $this->reader->expects($this->never())->method('getClassAnnotation');
+        $this->reader->expects($this->never())->method('getMethodAnnotations');
+
+        $this->loader->load(__DIR__.'/../Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php');
+    }
+
     public function testSupports()
     {
         $fixture = __DIR__.'/../Fixtures/annotated.php';
 
@@ -39,8 +39,6 @@ class ContextListener implements ListenerInterface
     private $dispatcher;
     private $registered;
 
-    private static $unserializeExceptionCode = 0x37313bc;
-
     public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
     {
         if (empty($contextKey)) {
@@ -180,7 +178,7 @@ private function safelyUnserialize($serializedToken)
         $prevUnserializeHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback');
         $prevErrorHandler = set_error_handler(function ($type, $msg, $file, $line, $context = array()) use (&$prevErrorHandler) {
             if (__FILE__ === $file) {
-                throw new \UnexpectedValueException($msg, self::$unserializeExceptionCode);
+                throw new \UnexpectedValueException($msg, 0x37313bc);
             }
 
             return $prevErrorHandler ? $prevErrorHandler($type, $msg, $file, $line, $context) : false;
@@ -194,7 +192,7 @@ private function safelyUnserialize($serializedToken)
         restore_error_handler();
         ini_set('unserialize_callback_func', $prevUnserializeHandler);
         if ($e) {
-            if (!$e instanceof \UnexpectedValueException || self::$unserializeExceptionCode !== $e->getCode()) {
+            if (!$e instanceof \UnexpectedValueException || 0x37313bc !== $e->getCode()) {
                 throw $e;
             }
             if ($this->logger) {
@@ -210,6 +208,6 @@ private function safelyUnserialize($serializedToken)
      */
     public static function handleUnserializeCallback($class)
     {
-        throw new \UnexpectedValueException('Class not found: '.$class, self::$unserializeExceptionCode);
+        throw new \UnexpectedValueException('Class not found: '.$class, 0x37313bc);
     }
 }
@@ -15,6 +15,7 @@
 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter;
 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
 use Symfony\Component\Security\Csrf\CsrfToken;
@@ -118,15 +119,17 @@ protected function attemptAuthentication(Request $request)
             }
         }
 
-        if ($this->options['post_only']) {
-            $username = trim(ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']));
-            $password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
-        } else {
-            $username = trim(ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']));
-            $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
+        $requestBag = $this->options['post_only'] ? $request->request : $request;
+        $username = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['username_parameter']);
+        $password = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['password_parameter']);
+
+        if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
+            throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
         }
 
-        if (strlen($username) > Security::MAX_USERNAME_LENGTH) {
+        $username = trim($username);
+
+        if (\strlen($username) > Security::MAX_USERNAME_LENGTH) {
             throw new BadCredentialsException('Invalid username.');
         }
 
 
@@ -15,6 +15,7 @@
 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
@@ -95,14 +96,16 @@ protected function attemptAuthentication(Request $request)
             }
         }
 
-        if ($this->options['post_only']) {
-            $username = trim(ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']));
-            $password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
-        } else {
-            $username = trim(ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']));
-            $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
+        $requestBag = $this->options['post_only'] ? $request->request : $request;
+        $username = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['username_parameter']);
+        $password = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['password_parameter']);
+
+        if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
+            throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
         }
 
+        $username = trim($username);
+
         if (strlen($username) > Security::MAX_USERNAME_LENGTH) {
             throw new BadCredentialsException('Invalid username.');
         }
 
@@ -14,8 +14,15 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
+use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
+use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler;
 use Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener;
 use Symfony\Component\Security\Core\SecurityContextInterface;
+use Symfony\Component\Security\Http\HttpUtils;
+use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
 
 class UsernamePasswordFormAuthenticationListenerTest extends TestCase
 {
@@ -69,6 +76,31 @@ public function testHandleWhenUsernameLength($username, $ok)
         $listener->handle($event);
     }
 
+    /**
+     * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+     * @expectedExceptionMessage The key "_username" must be a string, "array" given.
+     */
+    public function testHandleNonStringUsername()
+    {
+        $request = Request::create('/login_check', 'POST', array('_username' => array()));
+        $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
+
+        $listener = new UsernamePasswordFormAuthenticationListener(
+            new TokenStorage(),
+            $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
+            new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE),
+            $httpUtils = new HttpUtils(),
+            'foo',
+            new DefaultAuthenticationSuccessHandler($httpUtils),
+            new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
+            array('require_previous_session' => false)
+        );
+
+        $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
+
+        $listener->handle($event);
+    }
+
     public function getUsernameForLength()
     {
         return array(
Original file line number	Diff line number	Diff line change
`@@ -107,22 +107,22 @@ protected function findClass($file)`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`if (T_CLASS === $token[0]) {`
`110`		`- // Skip usage of ::class constant`
`111`		`- $isClassConstant = false;`
	`110`	`+ // Skip usage of ::class constant and anonymous classes`
	`111`	`+ $skipClassToken = false;`
`112`	`112`	`for ($j = $i - 1; $j > 0; --$j) {`
`113`	`113`	`if (!isset($tokens[$j][1])) {`
`114`	`114`	`break;`
`115`	`115`	`}`
`116`	`116`
`117`		`- if (T_DOUBLE_COLON === $tokens[$j][0]) {`
`118`		`- $isClassConstant = true;`
	`117`	`+ if (T_DOUBLE_COLON === $tokens[$j][0] \|\| T_NEW === $tokens[$j][0]) {`
	`118`	`+ $skipClassToken = true;`
`119`	`119`	`break;`
`120`	`120`	`} elseif (!in_array($tokens[$j][0], array(T_WHITESPACE, T_DOC_COMMENT, T_COMMENT))) {`
`121`	`121`	`break;`
`122`	`122`	`}`
`123`	`123`	`}`
`124`	`124`
`125`		`- if (!$isClassConstant) {`
	`125`	`+ if (!$skipClassToken) {`
`126`	`126`	`$class = true;`
`127`	`127`	`}`
`128`	`128`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,8 +39,6 @@ class ContextListener implements ListenerInterface`
`39`	`39`	`private $dispatcher;`
`40`	`40`	`private $registered;`
`41`	`41`
`42`		`- private static $unserializeExceptionCode = 0x37313bc;`
`43`		`-`
`44`	`42`	`public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)`
`45`	`43`	`{`
`46`	`44`	`if (empty($contextKey)) {`
`@@ -180,7 +178,7 @@ private function safelyUnserialize($serializedToken)`
`180`	`178`	`$prevUnserializeHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback');`
`181`	`179`	`$prevErrorHandler = set_error_handler(function ($type, $msg, $file, $line, $context = array()) use (&$prevErrorHandler) {`
`182`	`180`	`if (__FILE__ === $file) {`
`183`		`- throw new \UnexpectedValueException($msg, self::$unserializeExceptionCode);`
	`181`	`+ throw new \UnexpectedValueException($msg, 0x37313bc);`
`184`	`182`	`}`
`185`	`183`
`186`	`184`	`return $prevErrorHandler ? $prevErrorHandler($type, $msg, $file, $line, $context) : false;`
`@@ -194,7 +192,7 @@ private function safelyUnserialize($serializedToken)`
`194`	`192`	`restore_error_handler();`
`195`	`193`	`ini_set('unserialize_callback_func', $prevUnserializeHandler);`
`196`	`194`	`if ($e) {`
`197`		`- if (!$e instanceof \UnexpectedValueException \|\| self::$unserializeExceptionCode !== $e->getCode()) {`
	`195`	`+ if (!$e instanceof \UnexpectedValueException \|\| 0x37313bc !== $e->getCode()) {`
`198`	`196`	`throw $e;`
`199`	`197`	`}`
`200`	`198`	`if ($this->logger) {`
`@@ -210,6 +208,6 @@ private function safelyUnserialize($serializedToken)`
`210`	`208`	`*/`
`211`	`209`	`public static function handleUnserializeCallback($class)`
`212`	`210`	`{`
`213`		`- throw new \UnexpectedValueException('Class not found: '.$class, self::$unserializeExceptionCode);`
	`211`	`+ throw new \UnexpectedValueException('Class not found: '.$class, 0x37313bc);`
`214`	`212`	`}`
`215`	`213`	`}`