symfony
diff --git a/‎src/Symfony/Component/HttpKernel/HttpCache/AbstractSurrogate.php
Lines changed: 11 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/HttpCache/AbstractSurrogate.php
Lines changed: 11 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/HttpCache/Esi.php
Lines changed: 1 addition & 3 deletions b/‎src/Symfony/Component/HttpKernel/HttpCache/Esi.php
Lines changed: 1 addition & 3 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
Lines changed: 14 additions & 16 deletions b/‎src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
Lines changed: 14 additions & 16 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/HttpCache/Ssi.php
Lines changed: 1 addition & 4 deletions b/‎src/Symfony/Component/HttpKernel/HttpCache/Ssi.php
Lines changed: 1 addition & 4 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/HttpCache/Store.php
Lines changed: 12 additions & 2 deletions b/‎src/Symfony/Component/HttpKernel/HttpCache/Store.php
Lines changed: 12 additions & 2 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTestCase.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTestCase.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php
Lines changed: 34 additions & 7 deletions b/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php
Lines changed: 34 additions & 7 deletions
@@ -133,4 +133,15 @@ protected function removeFromControl(Response $response)
             $response->headers->set('Surrogate-Control', preg_replace(sprintf('#content="%s/1.0",\s*#', $upperName), '', $value));
         }
+
+    protected static function generateBodyEvalBoundary(): string
+    {
+        static $cookie;
+        $cookie = hash('md5', $cookie ?? $cookie = random_bytes(16), true);
+        $boundary = base64_encode($cookie);
+
+        \assert(\strlen($boundary) === HttpCache::BODY_EVAL_BOUNDARY_LENGTH);
+
+        return $boundary;
+    }
 }
@@ -80,9 +80,7 @@ public function process(Request $request, Response $response)
         $content = preg_replace('#<esi\:remove>.*?</esi\:remove>#s', '', $content);
         $content = preg_replace('#<esi\:comment[^>]+>#s', '', $content);
 
-        static $cookie;
-        $cookie = hash('md5', $cookie ?? $cookie = random_bytes(16), true);
-        $boundary = base64_encode($cookie);
+        $boundary = self::generateBodyEvalBoundary();
         $chunks = preg_split('#<esi\:include\s+(.*?)\s*(?:/|</esi\:include)>#', $content, -1, \PREG_SPLIT_DELIM_CAPTURE);
 
         $i = 1;
 
@@ -29,6 +29,8 @@
  */
 class HttpCache implements HttpKernelInterface, TerminableInterface
 {
+    public const BODY_EVAL_BOUNDARY_LENGTH = 24;
+
     private $kernel;
     private $store;
     private $request;
@@ -631,26 +633,22 @@ protected function store(Request $request, Response $response)
     private function restoreResponseBody(Request $request, Response $response)
     {
         if ($response->headers->has('X-Body-Eval')) {
-            ob_start();
+            \assert(self::BODY_EVAL_BOUNDARY_LENGTH === 24);
 
-            if ($response->headers->has('X-Body-File')) {
-                include $response->headers->get('X-Body-File');
-            } else {
-                $content = $response->getContent();
+            ob_start();
 
-                if (substr($content, -24) === $boundary = substr($content, 0, 24)) {
-                    $j = strpos($content, $boundary, 24);
-                    echo substr($content, 24, $j - 24);
-                    $i = $j + 24;
+            $content = $response->getContent();
+            $boundary = substr($content, 0, 24);
+            $j = strpos($content, $boundary, 24);
+            echo substr($content, 24, $j - 24);
+            $i = $j + 24;
 
-                    while (false !== $j = strpos($content, $boundary, $i)) {
-                        [$uri, $alt, $ignoreErrors, $part] = explode("\n", substr($content, $i, $j - $i), 4);
-                        $i = $j + 24;
+            while (false !== $j = strpos($content, $boundary, $i)) {
+                [$uri, $alt, $ignoreErrors, $part] = explode("\n", substr($content, $i, $j - $i), 4);
+                $i = $j + 24;
 
-                        echo $this->surrogate->handle($this, $uri, $alt, $ignoreErrors);
-                        echo $part;
-                    }
-                }
+                echo $this->surrogate->handle($this, $uri, $alt, $ignoreErrors);
+                echo $part;
             }
 
             $response->setContent(ob_get_clean());
 
@@ -64,10 +64,7 @@ public function process(Request $request, Response $response)
 
         // we don't use a proper XML parser here as we can have SSI tags in a plain text response
         $content = $response->getContent();
-
-        static $cookie;
-        $cookie = hash('md5', $cookie ?? $cookie = random_bytes(16), true);
-        $boundary = base64_encode($cookie);
+        $boundary = self::generateBodyEvalBoundary();
         $chunks = preg_split('#<!--\#include\s+(.*?)\s*-->#', $content, -1, \PREG_SPLIT_DELIM_CAPTURE);
 
         $i = 1;
 
@@ -475,15 +475,25 @@ private function persistResponse(Response $response): array
     /**
      * Restores a Response from the HTTP headers and body.
      */
-    private function restoreResponse(array $headers, string $path = null): Response
+    private function restoreResponse(array $headers, string $path = null): ?Response
     {
         $status = $headers['X-Status'][0];
         unset($headers['X-Status']);
+        $content = null;
 
         if (null !== $path) {
             $headers['X-Body-File'] = [$path];
+            unset($headers['x-body-file']);
+
+            if ($headers['X-Body-Eval'] ?? $headers['x-body-eval'] ?? false) {
+                $content = file_get_contents($path);
+                \assert(HttpCache::BODY_EVAL_BOUNDARY_LENGTH === 24);
+                if (48 > \strlen($content) || substr($content, -24) !== substr($content, 0, 24)) {
+                    return null;
+                }
+            }
         }
 
-        return new Response($path, $status, $headers);
+        return new Response($content, $status, $headers);
     }
 }
@@ -18,7 +18,7 @@
 use Symfony\Component\HttpKernel\HttpCache\Store;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 
-class HttpCacheTestCase extends TestCase
+abstract class HttpCacheTestCase extends TestCase
 {
     protected $kernel;
     protected $cache;
 
@@ -200,7 +200,7 @@ public function testRestoresResponseContentFromEntityStoreWithLookup()
     {
         $this->storeSimpleEntry();
         $response = $this->store->lookup($this->request);
-        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test')), $response->getContent());
+        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test')), $response->headers->get('X-Body-File'));
     }
 
     public function testInvalidatesMetaAndEntityStoreEntriesWithInvalidate()
@@ -253,9 +253,9 @@ public function testStoresMultipleResponsesForEachVaryCombination()
         $res3 = new Response('test 3', 200, ['Vary' => 'Foo Bar']);
         $this->store->write($req3, $res3);
 
-        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 3')), $this->store->lookup($req3)->getContent());
-        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 2')), $this->store->lookup($req2)->getContent());
-        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 1')), $this->store->lookup($req1)->getContent());
+        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 3')), $this->store->lookup($req3)->headers->get('X-Body-File'));
+        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 2')), $this->store->lookup($req2)->headers->get('X-Body-File'));
+        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 1')), $this->store->lookup($req1)->headers->get('X-Body-File'));
 
         $this->assertCount(3, $this->getStoreMetadata($key));
     }
@@ -265,17 +265,17 @@ public function testOverwritesNonVaryingResponseWithStore()
         $req1 = Request::create('/test', 'get', [], [], [], ['HTTP_FOO' => 'Foo', 'HTTP_BAR' => 'Bar']);
         $res1 = new Response('test 1', 200, ['Vary' => 'Foo Bar']);
         $this->store->write($req1, $res1);
-        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 1')), $this->store->lookup($req1)->getContent());
+        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 1')), $this->store->lookup($req1)->headers->get('X-Body-File'));
 
         $req2 = Request::create('/test', 'get', [], [], [], ['HTTP_FOO' => 'Bling', 'HTTP_BAR' => 'Bam']);
         $res2 = new Response('test 2', 200, ['Vary' => 'Foo Bar']);
         $this->store->write($req2, $res2);
-        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 2')), $this->store->lookup($req2)->getContent());
+        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 2')), $this->store->lookup($req2)->headers->get('X-Body-File'));
 
         $req3 = Request::create('/test', 'get', [], [], [], ['HTTP_FOO' => 'Foo', 'HTTP_BAR' => 'Bar']);
         $res3 = new Response('test 3', 200, ['Vary' => 'Foo Bar']);
         $key = $this->store->write($req3, $res3);
-        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 3')), $this->store->lookup($req3)->getContent());
+        $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 3')), $this->store->lookup($req3)->headers->get('X-Body-File'));
 
         $this->assertCount(2, $this->getStoreMetadata($key));
     }
@@ -330,6 +330,33 @@ public function testDoesNotStorePrivateHeaders()
         $this->assertNotEmpty($response->headers->getCookies());
     }
 
+    public function testDiscardsInvalidBodyEval()
+    {
+        $request = Request::create('https://example.com/foo');
+        $response = new Response('foo', 200, ['X-Body-Eval' => 'SSI']);
+
+        $this->store->write($request, $response);
+        $this->assertNull($this->store->lookup($request));
+
+        $request = Request::create('https://example.com/foo');
+        $content = str_repeat('a', 24).'b'.str_repeat('a', 24).'b';
+        $response = new Response($content, 200, ['X-Body-Eval' => 'SSI']);
+
+        $this->store->write($request, $response);
+        $this->assertNull($this->store->lookup($request));
+    }
+
+    public function testLoadsBodyEval()
+    {
+        $request = Request::create('https://example.com/foo');
+        $content = str_repeat('a', 24).'b'.str_repeat('a', 24);
+        $response = new Response($content, 200, ['X-Body-Eval' => 'SSI']);
+
+        $this->store->write($request, $response);
+        $response = $this->store->lookup($request);
+        $this->assertSame($content, $response->getContent());
+    }
+
     protected function storeSimpleEntry($path = null, $headers = [])
     {
         if (null === $path) {
Original file line number	Diff line number	Diff line change
`@@ -133,4 +133,15 @@ protected function removeFromControl(Response $response)`
`133`	`133`	`$response->headers->set('Surrogate-Control', preg_replace(sprintf('#content="%s/1.0",\s*#', $upperName), '', $value));`
`134`	`134`	`}`
`135`	`135`	`}`
	`136`	`+`
	`137`	`+ protected static function generateBodyEvalBoundary(): string`
	`138`	`+ {`
	`139`	`+ static $cookie;`
	`140`	`+ $cookie = hash('md5', $cookie ?? $cookie = random_bytes(16), true);`
	`141`	`+ $boundary = base64_encode($cookie);`
	`142`	`+`
	`143`	`+ \assert(\strlen($boundary) === HttpCache::BODY_EVAL_BOUNDARY_LENGTH);`
	`144`	`+`
	`145`	`+ return $boundary;`
	`146`	`+ }`
`136`	`147`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`use Symfony\Component\HttpKernel\HttpCache\Store;`
`19`	`19`	`use Symfony\Component\HttpKernel\HttpKernelInterface;`
`20`	`20`
`21`		`-class HttpCacheTestCase extends TestCase`
	`21`	`+abstract class HttpCacheTestCase extends TestCase`
`22`	`22`	`{`
`23`	`23`	`protected $kernel;`
`24`	`24`	`protected $cache;`