symfony
diff --git a/‎src/Symfony/Bridge/PhpUnit/bin/simple-phpunit.php
Lines changed: 39 additions & 7 deletions b/‎src/Symfony/Bridge/PhpUnit/bin/simple-phpunit.php
Lines changed: 39 additions & 7 deletions
diff --git a/‎src/Symfony/Component/HttpClient/HttpClientTrait.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpClient/HttpClientTrait.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpFoundation/Response.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Response.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
Lines changed: 27 additions & 3 deletions b/‎src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
Lines changed: 27 additions & 3 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
Lines changed: 162 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
Lines changed: 162 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/User/ChainUserProvider.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Core/User/ChainUserProvider.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/ContextListener.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Http/Firewall/ContextListener.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Validator/Mapping/PropertyMetadata.php
Lines changed: 7 additions & 1 deletion b/‎src/Symfony/Component/Validator/Mapping/PropertyMetadata.php
Lines changed: 7 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Validator/Tests/Fixtures/Entity_74.php
Lines changed: 8 additions & 0 deletions b/‎src/Symfony/Component/Validator/Tests/Fixtures/Entity_74.php
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Validator/Tests/Mapping/PropertyMetadataTest.php
Lines changed: 13 additions & 0 deletions b/‎src/Symfony/Component/Validator/Tests/Mapping/PropertyMetadataTest.php
Lines changed: 13 additions & 0 deletions
@@ -24,15 +24,47 @@
 
     static $phpunitConfig = null;
     if (null === $phpunitConfig) {
-        $opt = min(array_search('-c', $opts = array_reverse($argv), true) ?: INF, array_search('--configuration', $opts, true) ?: INF);
         $phpunitConfigFilename = null;
-        if (INF !== $opt && isset($opts[$opt - 1])) {
-            $phpunitConfigFilename = $opts[$opt - 1];
-        } elseif (file_exists('phpunit.xml')) {
-            $phpunitConfigFilename = 'phpunit.xml';
-        } elseif (file_exists('phpunit.xml.dist')) {
-            $phpunitConfigFilename = 'phpunit.xml.dist';
+        $getPhpUnitConfig = function ($probableConfig) use (&$getPhpUnitConfig) {
+            if (!$probableConfig) {
+                return null;
+            }
+            if (is_dir($probableConfig)) {
+                return $getPhpUnitConfig($probableConfig.DIRECTORY_SEPARATOR.'phpunit.xml');
+            }
+
+            if (file_exists($probableConfig)) {
+                return $probableConfig;
+            }
+            if (file_exists($probableConfig.'.dist')) {
+                return $probableConfig.'.dist';
+            }
+
+            return null;
+        };
+
+        foreach ($argv as $cliArgumentIndex => $cliArgument) {
+            if ('--' === $cliArgument) {
+                break;
+            }
+            // long option
+            if ('--configuration' === $cliArgument && array_key_exists($cliArgumentIndex + 1, $argv)) {
+                $phpunitConfigFilename = $getPhpUnitConfig($argv[$cliArgumentIndex + 1]);
+            }
+            // short option
+            if (0 === strpos($cliArgument, '-c')) {
+                if ('-c' === $cliArgument && array_key_exists($cliArgumentIndex + 1, $argv)) {
+                    $phpunitConfigFilename = $getPhpUnitConfig($argv[$cliArgumentIndex + 1]);
+                } else {
+                    $phpunitConfigFilename = $getPhpUnitConfig(substr($cliArgument, 2));
+                }
+                break;
+            }
         }
+
+        $phpunitConfigFilename = $phpunitConfigFilename ?: $getPhpUnitConfig('phpunit.xml');
+
         if ($phpunitConfigFilename) {
             $phpunitConfig = new DomDocument();
             $phpunitConfig->load($phpunitConfigFilename);
 
@@ -110,7 +110,7 @@ private static function prepareRequest(?string $method, ?string $url, array $opt
             throw new InvalidArgumentException(sprintf('Option "auth_basic" must be string or an array, %s given.', \gettype($options['auth_basic'])));
         }
 
-        if (isset($options['auth_bearer']) && (!\is_string($options['auth_bearer']) || !preg_match('{^[-._~+/0-9a-zA-Z]++=*+$}', $options['auth_bearer']))) {
+        if (isset($options['auth_bearer']) && (!\is_string($options['auth_bearer']) || !preg_match('{^[-._=~+/0-9a-zA-Z]++$}', $options['auth_bearer']))) {
             throw new InvalidArgumentException(sprintf('Option "auth_bearer" must be a string containing only characters from the base 64 alphabet, %s given.', \is_string($options['auth_bearer']) ? 'invalid string' : \gettype($options['auth_bearer'])));
         }
 
 
@@ -628,7 +628,7 @@ public function isImmutable(): bool
     }
 
     /**
-     * Returns true if the response must be revalidated by caches.
+     * Returns true if the response must be revalidated by shared caches once it has become stale.
      *
      * This method indicates that the response must not be served stale by a
      * cache in any circumstance without first revalidating with the origin.
 
@@ -476,13 +476,37 @@ protected function forward(Request $request, $catch = false, Response $entry = n
         // always a "master" request (as the real master request can be in cache)
         $response = SubRequestHandler::handle($this->kernel, $request, HttpKernelInterface::MASTER_REQUEST, $catch);
 
-        // we don't implement the stale-if-error on Requests, which is nonetheless part of the RFC
-        if (null !== $entry && \in_array($response->getStatusCode(), [500, 502, 503, 504])) {
+        /*
+         * Support stale-if-error given on Responses or as a config option.
+         * RFC 7234 summarizes in Section 4.2.4 (but also mentions with the individual
+         * Cache-Control directives) that
+         *
+         *      A cache MUST NOT generate a stale response if it is prohibited by an
+         *      explicit in-protocol directive (e.g., by a "no-store" or "no-cache"
+         *      cache directive, a "must-revalidate" cache-response-directive, or an
+         *      applicable "s-maxage" or "proxy-revalidate" cache-response-directive;
+         *      see Section 5.2.2).
+         *
+         * https://tools.ietf.org/html/rfc7234#section-4.2.4
+         *
+         * We deviate from this in one detail, namely that we *do* serve entries in the
+         * stale-if-error case even if they have a `s-maxage` Cache-Control directive.
+         */
+        if (null !== $entry
+            && \in_array($response->getStatusCode(), [500, 502, 503, 504])
+            && !$entry->headers->hasCacheControlDirective('no-cache')
+            && !$entry->mustRevalidate()
+        ) {
             if (null === $age = $entry->headers->getCacheControlDirective('stale-if-error')) {
                 $age = $this->options['stale_if_error'];
             }
 
-            if (abs($entry->getTtl()) < $age) {
+            /*
+             * stale-if-error gives the (extra) time that the Response may be used *after* it has become stale.
+             * So we compare the time the $entry has been sitting in the cache already with the
+             * time it was fresh plus the allowed grace period.
+             */
+            if ($entry->getAge() <= $entry->getMaxAge() + $age) {
                 $this->record($request, 'stale-if-error');
 
                 return $entry;
 
@@ -1522,6 +1522,168 @@ public function testUsesOriginalRequestForSurrogate()
         $cache->handle($request, HttpKernelInterface::SUB_REQUEST);
     }
 
+    public function testStaleIfErrorMustNotResetLifetime()
+    {
+        // Make sure we don't accidentally treat the response as fresh (revalidated) again
+        // when stale-if-error handling kicks in.
+
+        $responses = [
+            [
+                'status' => 200,
+                'body' => 'OK',
+                // This is cacheable and can be used in stale-if-error cases:
+                'headers' => ['Cache-Control' => 'public, max-age=10', 'ETag' => 'some-etag'],
+            ],
+            [
+                'status' => 500,
+                'body' => 'FAIL',
+                'headers' => [],
+            ],
+            [
+                'status' => 500,
+                'body' => 'FAIL',
+                'headers' => [],
+            ],
+        ];
+
+        $this->setNextResponses($responses);
+        $this->cacheConfig['stale_if_error'] = 10;
+
+        $this->request('GET', '/'); // warm cache
+
+        sleep(15); // now the entry is stale, but still within the grace period (10s max-age + 10s stale-if-error)
+
+        $this->request('GET', '/'); // hit backend error
+        $this->assertEquals(200, $this->response->getStatusCode()); // stale-if-error saved the day
+        $this->assertEquals(15, $this->response->getAge());
+
+        sleep(10); // now we're outside the grace period
+
+        $this->request('GET', '/'); // hit backend error
+        $this->assertEquals(500, $this->response->getStatusCode()); // fail
+    }
+
+    /**
+     * @dataProvider getResponseDataThatMayBeServedStaleIfError
+     */
+    public function testResponsesThatMayBeUsedStaleIfError($responseHeaders, $sleepBetweenRequests = null)
+    {
+        $responses = [
+            [
+                'status' => 200,
+                'body' => 'OK',
+                'headers' => $responseHeaders,
+            ],
+            [
+                'status' => 500,
+                'body' => 'FAIL',
+                'headers' => [],
+            ],
+        ];
+
+        $this->setNextResponses($responses);
+        $this->cacheConfig['stale_if_error'] = 10; // after stale, may be served for 10s
+
+        $this->request('GET', '/'); // warm cache
+
+        if ($sleepBetweenRequests) {
+            sleep($sleepBetweenRequests);
+        }
+
+        $this->request('GET', '/'); // hit backend error
+
+        $this->assertEquals(200, $this->response->getStatusCode());
+        $this->assertEquals('OK', $this->response->getContent());
+        $this->assertTraceContains('stale-if-error');
+
+    public function getResponseDataThatMayBeServedStaleIfError()
+    {
+        // All data sets assume that a 10s stale-if-error grace period has been configured
+        yield 'public, max-age expired' => [['Cache-Control' => 'public, max-age=60'], 65];
+        yield 'public, validateable with ETag, no TTL' => [['Cache-Control' => 'public', 'ETag' => 'some-etag'], 5];
+        yield 'public, validateable with Last-Modified, no TTL' => [['Cache-Control' => 'public', 'Last-Modified' => 'yesterday'], 5];
+        yield 'public, s-maxage will be served stale-if-error, even if the RFC mandates otherwise' => [['Cache-Control' => 'public, s-maxage=20'], 25];
+    }
+
+    /**
+     * @dataProvider getResponseDataThatMustNotBeServedStaleIfError
+     */
+    public function testResponsesThatMustNotBeUsedStaleIfError($responseHeaders, $sleepBetweenRequests = null)
+    {
+        $responses = [
+            [
+                'status' => 200,
+                'body' => 'OK',
+                'headers' => $responseHeaders,
+            ],
+            [
+                'status' => 500,
+                'body' => 'FAIL',
+                'headers' => [],
+            ],
+        ];
+
+        $this->setNextResponses($responses);
+        $this->cacheConfig['stale_if_error'] = 10; // after stale, may be served for 10s
+        $this->cacheConfig['strict_smaxage'] = true; // full RFC compliance for this feature
+
+        $this->request('GET', '/'); // warm cache
+
+        if ($sleepBetweenRequests) {
+            sleep($sleepBetweenRequests);
+        }
+
+        $this->request('GET', '/'); // hit backend error
+
+        $this->assertEquals(500, $this->response->getStatusCode());
+    }
+
+    public function getResponseDataThatMustNotBeServedStaleIfError()
+    {
+        // All data sets assume that a 10s stale-if-error grace period has been configured
+        yield 'public, no TTL but beyond grace period' => [['Cache-Control' => 'public'], 15];
+        yield 'public, validateable with ETag, no TTL but beyond grace period' => [['Cache-Control' => 'public', 'ETag' => 'some-etag'], 15];
+        yield 'public, validateable with Last-Modified, no TTL but beyond grace period' => [['Cache-Control' => 'public', 'Last-Modified' => 'yesterday'], 15];
+        yield 'public, stale beyond grace period' => [['Cache-Control' => 'public, max-age=10'], 30];
+
+        // Cache-control values that prohibit serving stale responses or responses without positive validation -
+        // see https://tools.ietf.org/html/rfc7234#section-4.2.4 and
+        // https://tools.ietf.org/html/rfc7234#section-5.2.2
+        yield 'no-cache requires positive validation' => [['Cache-Control' => 'public, no-cache', 'ETag' => 'some-etag']];
+        yield 'no-cache requires positive validation, even if fresh' => [['Cache-Control' => 'public, no-cache, max-age=10']];
+        yield 'must-revalidate requires positive validation once stale' => [['Cache-Control' => 'public, max-age=10, must-revalidate'], 15];
+        yield 'proxy-revalidate requires positive validation once stale' => [['Cache-Control' => 'public, max-age=10, proxy-revalidate'], 15];
+    }
+
+    public function testStaleIfErrorWhenStrictSmaxageDisabled()
+    {
+        $responses = [
+            [
+                'status' => 200,
+                'body' => 'OK',
+                'headers' => ['Cache-Control' => 'public, s-maxage=20'],
+            ],
+            [
+                'status' => 500,
+                'body' => 'FAIL',
+                'headers' => [],
+            ],
+        ];
+
+        $this->setNextResponses($responses);
+        $this->cacheConfig['stale_if_error'] = 10;
+        $this->cacheConfig['strict_smaxage'] = false;
+
+        $this->request('GET', '/'); // warm cache
+        sleep(25);
+        $this->request('GET', '/'); // hit backend error
+
+        $this->assertEquals(200, $this->response->getStatusCode());
+        $this->assertEquals('OK', $this->response->getContent());
+        $this->assertTraceContains('stale-if-error');
+    }
+
     public function testTraceHeaderNameCanBeChanged()
     {
         $this->cacheConfig['trace_header'] = 'X-My-Header';
 
@@ -91,7 +91,7 @@ public function refreshUser(UserInterface $user)
             $e->setUsername($user->getUsername());
             throw $e;
         } else {
-            throw new UnsupportedUserException(sprintf('The account "%s" is not supported.', \get_class($user)));
+            throw new UnsupportedUserException(sprintf('There is no user provider for user "%s". Shouldn\'t the "supportsClass()" method of your user provider return true for this classname?', \get_class($user)));
         }
     }
 
 
@@ -292,7 +292,7 @@ protected function refreshUser(TokenInterface $token)
             return null;
         }
 
-        throw new \RuntimeException(sprintf('There is no user provider for user "%s".', $userClass));
+        throw new \RuntimeException(sprintf('There is no user provider for user "%s". Shouldn\'t the "supportsClass()" method of your user provider return true for this classname?', $userClass));
     }
 
     private function safelyUnserialize(string $serializedToken)
 
@@ -234,7 +234,7 @@ final protected function getUserProvider(string $class): UserProviderInterface
             }
         }
 
-        throw new UnsupportedUserException(sprintf('There is no user provider that supports class "%s".', $class));
+        throw new UnsupportedUserException(sprintf('There is no user provider for user "%s". Shouldn\'t the "supportsClass()" method of your user provider return true for this classname?', $class));
     }
 
     /**
 
@@ -48,7 +48,13 @@ public function __construct(string $class, string $name)
      */
     public function getPropertyValue($object)
     {
-        return $this->getReflectionMember($object)->getValue($object);
+        $reflProperty = $this->getReflectionMember($object);
+
+        if (\PHP_VERSION_ID >= 70400 && !$reflProperty->isInitialized($object)) {
+            return null;
+        }
+
+        return $reflProperty->getValue($object);
     }
 
     /**
 
@@ -0,0 +1,8 @@
+<?php
+
+namespace Symfony\Component\Validator\Tests\Fixtures;
+
+class Entity_74
+{
+    public int $uninitialized;
+}
@@ -14,10 +14,12 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Validator\Mapping\PropertyMetadata;
 use Symfony\Component\Validator\Tests\Fixtures\Entity;
+use Symfony\Component\Validator\Tests\Fixtures\Entity_74;
 
 class PropertyMetadataTest extends TestCase
 {
     const CLASSNAME = 'Symfony\Component\Validator\Tests\Fixtures\Entity';
+    const CLASSNAME_74 = 'Symfony\Component\Validator\Tests\Fixtures\Entity_74';
     const PARENTCLASS = 'Symfony\Component\Validator\Tests\Fixtures\EntityParent';
 
     public function testInvalidPropertyName()
@@ -53,4 +55,15 @@ public function testGetPropertyValueFromRemovedProperty()
         $this->expectException('Symfony\Component\Validator\Exception\ValidatorException');
         $metadata->getPropertyValue($entity);
     }
+
+    /**
+     * @requires PHP 7.4
+     */
+    public function testGetPropertyValueFromUninitializedProperty()
+    {
+        $entity = new Entity_74();
+        $metadata = new PropertyMetadata(self::CLASSNAME_74, 'uninitialized');
+
+        $this->assertNull($metadata->getPropertyValue($entity));
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -110,7 +110,7 @@ private static function prepareRequest(?string $method, ?string $url, array $opt`
`110`	`110`	`throw new InvalidArgumentException(sprintf('Option "auth_basic" must be string or an array, %s given.', \gettype($options['auth_basic'])));`
`111`	`111`	`}`
`112`	`112`
`113`		`- if (isset($options['auth_bearer']) && (!\is_string($options['auth_bearer']) \|\| !preg_match('{^[-._~+/0-9a-zA-Z]++=*+$}', $options['auth_bearer']))) {`
	`113`	`+ if (isset($options['auth_bearer']) && (!\is_string($options['auth_bearer']) \|\| !preg_match('{^[-._=~+/0-9a-zA-Z]++$}', $options['auth_bearer']))) {`
`114`	`114`	`throw new InvalidArgumentException(sprintf('Option "auth_bearer" must be a string containing only characters from the base 64 alphabet, %s given.', \is_string($options['auth_bearer']) ? 'invalid string' : \gettype($options['auth_bearer'])));`
`115`	`115`	`}`
`116`	`116`
Original file line number	Diff line number	Diff line change
`@@ -628,7 +628,7 @@ public function isImmutable(): bool`
`628`	`628`	`}`
`629`	`629`
`630`	`630`	`/**`
`631`		`- * Returns true if the response must be revalidated by caches.`
	`631`	`+ * Returns true if the response must be revalidated by shared caches once it has become stale.`
`632`	`632`	`*`
`633`	`633`	`* This method indicates that the response must not be served stale by a`
`634`	`634`	`* cache in any circumstance without first revalidating with the origin.`
Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ public function refreshUser(UserInterface $user)`
`91`	`91`	`$e->setUsername($user->getUsername());`
`92`	`92`	`throw $e;`
`93`	`93`	`} else {`
`94`		`- throw new UnsupportedUserException(sprintf('The account "%s" is not supported.', \get_class($user)));`
	`94`	`+ throw new UnsupportedUserException(sprintf('There is no user provider for user "%s". Shouldn\'t the "supportsClass()" method of your user provider return true for this classname?', \get_class($user)));`
`95`	`95`	`}`
`96`	`96`	`}`
`97`	`97`
Original file line number	Diff line number	Diff line change
`@@ -292,7 +292,7 @@ protected function refreshUser(TokenInterface $token)`
`292`	`292`	`return null;`
`293`	`293`	`}`
`294`	`294`
`295`		`- throw new \RuntimeException(sprintf('There is no user provider for user "%s".', $userClass));`
	`295`	`+ throw new \RuntimeException(sprintf('There is no user provider for user "%s". Shouldn\'t the "supportsClass()" method of your user provider return true for this classname?', $userClass));`
`296`	`296`	`}`
`297`	`297`
`298`	`298`	`private function safelyUnserialize(string $serializedToken)`
Original file line number	Diff line number	Diff line change
`@@ -234,7 +234,7 @@ final protected function getUserProvider(string $class): UserProviderInterface`
`234`	`234`	`}`
`235`	`235`	`}`
`236`	`236`
`237`		`- throw new UnsupportedUserException(sprintf('There is no user provider that supports class "%s".', $class));`
	`237`	`+ throw new UnsupportedUserException(sprintf('There is no user provider for user "%s". Shouldn\'t the "supportsClass()" method of your user provider return true for this classname?', $class));`
`238`	`238`	`}`
`239`	`239`
`240`	`240`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,13 @@ public function __construct(string $class, string $name)`
`48`	`48`	`*/`
`49`	`49`	`public function getPropertyValue($object)`
`50`	`50`	`{`
`51`		`- return $this->getReflectionMember($object)->getValue($object);`
	`51`	`+ $reflProperty = $this->getReflectionMember($object);`
	`52`	`+`
	`53`	`+ if (\PHP_VERSION_ID >= 70400 && !$reflProperty->isInitialized($object)) {`
	`54`	`+ return null;`
	`55`	`+ }`
	`56`	`+`
	`57`	`+ return $reflProperty->getValue($object);`
`52`	`58`	`}`
`53`	`59`
`54`	`60`	`/**`