You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Analysis
The PropertyAccessor component uses a standard PSR6 cache to increase it's performance, but the key is validated by Symfony\Component\Cache\CacheItem::validateKey, and some characters are forbidden. The problem is that any of those characters are allowed as an array key (source). It means some properties can never be accessed through the property accessor.
As a quick workaround, we will disable the cache.
Side note: an empty array key is also not reachable (even if it's certainly a bad practice...)
Resolution proposals
Hash the key (but should it be protected against collisions with a mapping ?)
Catch the cache component error, add a warning and skip caching for those property (not ideal, but a quick and safe solution...)
Find a way to escape those characters
Context
Symfony 3.4
PHP 7.2
The text was updated successfully, but these errors were encountered:
@nicolas-grekas I'm looking at your fix, and I think there might be an issue... You're escaping the key only on character detection, not always, which implies that in an extremely rare circumstance (or as an exploit ?) we can have a cache collision...
Bug description: when using the built-in PropertyAccessor service, accessing an array property containing
/
in its key throws an error.Example
bin/test.php
file, in a working Symfony instanceAnalysis
The PropertyAccessor component uses a standard PSR6 cache to increase it's performance, but the key is validated by
Symfony\Component\Cache\CacheItem::validateKey
, and some characters are forbidden. The problem is that any of those characters are allowed as an array key (source). It means some properties can never be accessed through the property accessor.As a quick workaround, we will disable the cache.
Side note: an empty array key is also not reachable (even if it's certainly a bad practice...)
Resolution proposals
Context
The text was updated successfully, but these errors were encountered: