From 8442ab1b990c134227f39d6e03fe449d2d1ceb0b Mon Sep 17 00:00:00 2001
From: Nicole Cordes
Date: Sun, 31 Jan 2016 14:41:28 +0100
Subject: [PATCH 1/6] [Filesystem] Try to delete broken symlinks If you delete the target of a symlink (at least on Windows systems) you don't get the kind of the target anymore (obviously). Therefore it might happen that a broken symlink to a directory should be removed with unlink() which fails. This patch adds another check for a broken symlink and tries to remove with rmdir() before throwing an exception. It helps to clean up test folders on Windows systems (so already proofed by the existing tests).
---
 src/Symfony/Component/Filesystem/Filesystem.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Filesystem/Filesystem.php b/src/Symfony/Component/Filesystem/Filesystem.php
index b1b8052254..0009eb7f7d 100644
--- a/src/Symfony/Component/Filesystem/Filesystem.php
+++ b/src/Symfony/Component/Filesystem/Filesystem.php
@@ -161,8 +161,15 @@ class Filesystem
 }
 } else {
 if (true !== @unlink($file)) {
- $error = error_get_last();
- throw new IOException(sprintf('Failed to remove file "%s": %s.', $file, $error['message']));
+ // handle broken symlinks on Windows systems
+ if (is_link($file) && false === @readlink($file)) {
+ if (true !== @rmdir($file)) {
+ throw new IOException(sprintf('Failed to remove broken symlink "%s".', $file), 0, null, $file);
+ }
+ } else {
+ $error = error_get_last();
+ throw new IOException(sprintf('Failed to remove file "%s": %s.', $file, $error['message']));
+ }
 }
 }
 }
From d897956362fbb167715c8bf31b1489adc49654cc Mon Sep 17 00:00:00 2001
From: Nicole Cordes
Date: Sat, 30 Jan 2016 18:41:36 +0100
Subject: [PATCH 2/6] Ensure backend slashes for symlinks on Windows systems Resolves: #17614
---
 src/Symfony/Component/Filesystem/Filesystem.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
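Review bot: The new broken-symlink branch throws without the underlying error text, while the fallback branch beside it appends `$error['message']`, so a failed `rmdir()` on a broken link loses its reason (a permissions problem, for example). Capturing it there as well would help, e.g. `$error = error_get_last();` followed by `throw new IOException(sprintf('Failed to remove broken symlink "%s": %s.', $file, $error['message']), 0, null, $file);`. The two throws are also inconsistent in that only the new one passes the path argument. `error_get_last()` can return null, so reading `$error['message']` unguarded deserves a check in both branches. The enclosing remove() method starts and ends outside the hunk.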
diff --git a/src/Symfony/Component/Filesystem/Filesystem.php b/src/Symfony/Component/Filesystem/Filesystem.php
index 0009eb7f7d..b5426a402c 100644
--- a/src/Symfony/Component/Filesystem/Filesystem.php
+++ b/src/Symfony/Component/Filesystem/Filesystem.php
@@ -301,10 +301,15 @@ class Filesystem
 */
 public function symlink($originDir, $targetDir, $copyOnWindows = false)
 {
- if ($copyOnWindows && !function_exists('symlink')) {
- $this->mirror($originDir, $targetDir);
+ if ('\\' === DIRECTORY_SEPARATOR) {
+ $originDir = strtr($originDir, '/', '\\');
+ $targetDir = strtr($targetDir, '/', '\\');
- return;
+ if ($copyOnWindows) {
+ $this->mirror($originDir, $targetDir);
+
+ return;
+ }
 }
 $this->mkdir(dirname($targetDir));
From 0de86ff2821d0ddc6db8bb6a782a042034a80082 Mon Sep 17 00:00:00 2001
From: Massimiliano Arione
Date: Wed, 3 Feb 2016 15:31:21 +0100
Subject: [PATCH 3/6] add 'guid' to list of exception to filter out
---
 .../Doctrine/Form/ChoiceList/ORMQueryBuilderLoader.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/Symfony/Bridge/Doctrine/Form/ChoiceList/ORMQueryBuilderLoader.php b/src/Symfony/Bridge/Doctrine/Form/ChoiceList/ORMQueryBuilderLoader.php
index 55fc340d8d..ce4d508b8e 100644
--- a/src/Symfony/Bridge/Doctrine/Form/ChoiceList/ORMQueryBuilderLoader.php
+++ b/src/Symfony/Bridge/Doctrine/Form/ChoiceList/ORMQueryBuilderLoader.php
@@ -93,6 +93,13 @@ class ORMQueryBuilderLoader implements EntityLoaderInterface
 $values = array_values(array_filter($values, function ($v) {
 return (string) $v === (string) (int) $v;
 }));
+ } elseif ('guid' === $metadata->getTypeOfField($identifier)) {
+ $parameterType = Connection::PARAM_STR_ARRAY;
+
+ // Like above, but we just filter out empty strings.
+ $values = array_values(array_filter($values, function ($v) {
+ return (string) $v !== '';
+ }));
 } else {
 $parameterType = Connection::PARAM_STR_ARRAY;
 }
From e0e82bb318998444ee08213320f5a1a6d5e2bb67 Mon Sep 17 00:00:00 2001
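Review bot: The docblock of symlink() should record that `$copyOnWindows` no longer depends on `function_exists('symlink')`: on Windows a true flag now always mirrors the tree and never attempts a link. Only the closing `*/` of that docblock is visible in the hunk, so the wording there could not be checked. A comment above the new branch would also help, such as `// Windows: normalise to backslashes; with $copyOnWindows the tree is always copied, even when symlink() is available`. On other platforms the flag is now ignored and execution presumably falls through to the link attempt after `mkdir()`, so it is worth confirming that a missing `symlink()` is still reported there. The method body continues outside the hunk.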
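Review bot: The new guid branch drops only empty strings, so any other non-empty value submitted through the form is still bound into the query. On platforms where the column is a native UUID type, a malformed value would presumably surface as a driver exception instead of an empty result, which is the failure the integer branch above avoids. The values are passed with `Connection::PARAM_STR_ARRAY`, so this is a robustness and availability concern, not an injection one. If stricter filtering is not wanted here, the comment should say so, e.g. `// Only empty strings are filtered; malformed GUIDs are left for the database to reject.` The surrounding method starts and ends outside the hunk.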
From: ged15
Date: Tue, 12 Aug 2014 13:24:41 +0200
Subject: [PATCH 4/6] added tests for non-trusted proxies
---
 src/Symfony/Component/HttpFoundation/Tests/RequestTest.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
index 4e20366938..992e2c4882 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -1477,6 +1477,13 @@ class RequestTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals(80, $request->getPort());
 $this->assertFalse($request->isSecure());
+ // request is forwarded by a non-trusted proxy
+ Request::setTrustedProxies(array('2.2.2.2'));
+ $this->assertEquals('3.3.3.3', $request->getClientIp());
+ $this->assertEquals('example.com', $request->getHost());
+ $this->assertEquals(80, $request->getPort());
+ $this->assertFalse($request->isSecure());
+
 // trusted proxy via setTrustedProxies()
 Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2'));
 $this->assertEquals('1.1.1.1', $request->getClientIp());
From 065acb7fa87a57e8ee8972b8c811720760183186 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Wed, 2 Mar 2016 14:20:42 +0100
Subject: [PATCH 5/6] [Filesystem] Reduce complexity of ->remove()
---
 .../Component/Filesystem/Filesystem.php | 39 +++++++------------
 .../Filesystem/Tests/FilesystemTest.php | 28 +++++++------
 2 files changed, 30 insertions(+), 37 deletions(-)
diff --git a/src/Symfony/Component/Filesystem/Filesystem.php b/src/Symfony/Component/Filesystem/Filesystem.php
index b5426a402c..333a70689b 100644
--- a/src/Symfony/Component/Filesystem/Filesystem.php
+++ b/src/Symfony/Component/Filesystem/Filesystem.php
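Review bot: The comment on the new case, `// request is forwarded by a non-trusted proxy`, does not say what makes the proxy untrusted. Judging by the assertions, the direct peer is 3.3.3.3 while only 2.2.2.2 is in the trusted list, so the forwarded headers must be ignored. Spelling that out documents the header-spoofing case the test guards against, e.g. `// trusted proxies are configured, but the direct peer (3.3.3.3) is not one of them: forwarded headers must be ignored`. The request set-up and the headers it carries are outside the hunk, so this reading is inferred.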
@@ -143,34 +143,23 @@ class Filesystem
 $files = iterator_to_array($this->toIterator($files));
 $files = array_reverse($files);
 foreach ($files as $file) {
- if (!$this->exists($file) && !is_link($file)) {
- continue;
- }
-
- if (is_dir($file) && !is_link($file)) {
+ if (is_link($file)) {
+ // Workaround https://bugs.php.net/52176
+ if (!@unlink($file) && !@rmdir($file)) {
+ $error = error_get_last();
+ throw new IOException(sprintf('Failed to remove symlink "%s": %s.', $file, $error['message']));
+ }
+ } elseif (is_dir($file)) {
 $this->remove(new \FilesystemIterator($file));
- if (true !== @rmdir($file)) {
- throw new IOException(sprintf('Failed to remove directory %s', $file));
+ if (!@rmdir($file)) {
+ $error = error_get_last();
+ throw new IOException(sprintf('Failed to remove directory "%s": %s.', $file, $error['message']));
 }
- } else {
- // https://bugs.php.net/bug.php?id=52176
- if ('\\' === DIRECTORY_SEPARATOR && is_dir($file)) {
- if (true !== @rmdir($file)) {
- throw new IOException(sprintf('Failed to remove file %s', $file));
- }
- } else {
- if (true !== @unlink($file)) {
- // handle broken symlinks on Windows systems
- if (is_link($file) && false === @readlink($file)) {
- if (true !== @rmdir($file)) {
- throw new IOException(sprintf('Failed to remove broken symlink "%s".', $file), 0, null, $file);
- }
- } else {
- $error = error_get_last();
- throw new IOException(sprintf('Failed to remove file "%s": %s.', $file, $error['message']));
- }
- }
+ } elseif ($this->exists($file)) {
+ if (!@unlink($file)) {
+ $error = error_get_last();
+ throw new IOException(sprintf('Failed to remove file "%s": %s.', $file, $error['message']));
 }
 }
 }
diff --git a/src/Symfony/Component/Filesystem/Tests/FilesystemTest.php b/src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
index 3eeb1a6199..3c72cce230 100644
--- a/src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
+++ b/src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
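Review bot: The `is_link()` / `is_dir()` checks and the later `unlink()`, `rmdir()` and `new \FilesystemIterator($file)` act on the path at different moments. In a tree that a less trusted user can write to, an entry could change type between the check and the recursion, and the removal would then operate outside the intended directory. The remove() docblock (outside the hunk) should therefore state that the method is only safe on trees not writable by untrusted parties. Separately, in the symlink branch `error_get_last()` reports the `rmdir()` failure and not the `unlink()` one, and all three throws read `$error['message']` without checking that `$error` is not null.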
@@ -281,7 +281,7 @@ class FilesystemTest extends \PHPUnit_Framework_TestCase
 $this->filesystem->remove($basePath);
- $this->assertTrue(!is_dir($basePath));
+ $this->assertFileNotExists($basePath);
 }
 public function testRemoveCleansArrayOfFilesAndDirectories()
@@ -297,8 +297,8 @@ class FilesystemTest extends \PHPUnit_Framework_TestCase
 $this->filesystem->remove($files);
- $this->assertTrue(!is_dir($basePath.'dir'));
- $this->assertTrue(!is_file($basePath.'file'));
+ $this->assertFileNotExists($basePath.'dir');
+ $this->assertFileNotExists($basePath.'file');
 }
 public function testRemoveCleansTraversableObjectOfFilesAndDirectories()
@@ -314,8 +314,8 @@ class FilesystemTest extends \PHPUnit_Framework_TestCase
 $this->filesystem->remove($files);
- $this->assertTrue(!is_dir($basePath.'dir'));
- $this->assertTrue(!is_file($basePath.'file'));
+ $this->assertFileNotExists($basePath.'dir');
+ $this->assertFileNotExists($basePath.'file');
 }
 public function testRemoveIgnoresNonExistingFiles()
@@ -330,7 +330,7 @@ class FilesystemTest extends \PHPUnit_Framework_TestCase
 $this->filesystem->remove($files);
- $this->assertTrue(!is_dir($basePath.'dir'));
+ $this->assertFileNotExists($basePath.'dir');
 }
 public function testRemoveCleansInvalidLinks()
@@ -342,11 +342,19 @@ class FilesystemTest extends \PHPUnit_Framework_TestCase
 mkdir($basePath);
 mkdir($basePath.'dir');
 // create symlink to nonexistent file
- @symlink($basePath.'file', $basePath.'link');
+ @symlink($basePath.'file', $basePath.'file-link');
+
+ // create symlink to dir using trailing forward slash
+ $this->filesystem->symlink($basePath.'dir/', $basePath.'dir-link');
+ $this->assertTrue(is_dir($basePath.'dir-link'));
+
+ // create symlink to nonexistent dir
+ rmdir($basePath.'dir');
+ $this->assertFalse(is_dir($basePath.'dir-link'));
 $this->filesystem->remove($basePath);
- $this->assertTrue(!is_dir($basePath));
+ $this->assertFileNotExists($basePath);
 }
 public function testFilesExists()
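Review bot: In the testRemoveCleansInvalidLinks hunk (line 342) the first link is still created with `@symlink(...)`, so if link creation fails the test carries on and the broken file-link case is never exercised. Asserting the precondition right after the call, e.g. `$this->assertTrue(is_link($basePath.'file-link'));`, would make that failure visible. The comment `// create symlink to nonexistent dir` is also misleading, because the code breaks the existing `dir-link` by removing its target; `// remove the target so that dir-link becomes a broken link` describes it better. The test method starts outside the hunk.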
@@ -1062,10 +1070,6 @@ class FilesystemTest extends \PHPUnit_Framework_TestCase
 */
 private function markAsSkippedIfSymlinkIsMissing($relative = false)
 {
- if (!function_exists('symlink')) {
- $this->markTestSkipped('symlink is not supported');
- }
-
 if (false === self::$symlinkOnWindows) {
 $this->markTestSkipped('symlink requires "Create symbolic links" privilege on Windows');
 }
From fda32f8c431117360516e2b0e2f1a4f0527e9085 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Wed, 2 Mar 2016 15:53:47 +0100
Subject: [PATCH 6/6] [DomCrawler] Dont use LIBXML_PARSEHUGE by default
---
 src/Symfony/Component/DomCrawler/Crawler.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/DomCrawler/Crawler.php b/src/Symfony/Component/DomCrawler/Crawler.php
index a51463dd0f..79615185dd 100644
--- a/src/Symfony/Component/DomCrawler/Crawler.php
+++ b/src/Symfony/Component/DomCrawler/Crawler.php
@@ -219,8 +219,11 @@ class Crawler extends \SplObjectStorage
 *
 * @param string $content The XML content
 * @param string $charset The charset
+ * @param int $options Bitwise OR of the libxml option constants
+ * LIBXML_PARSEHUGE is dangerous, see
+ * http://symfony.com/blog/security-release-symfony-2-0-17-released
 */
- public function addXmlContent($content, $charset = 'UTF-8')
+ public function addXmlContent($content, $charset = 'UTF-8', $options = LIBXML_NONET)
 {
 $internalErrors = libxml_use_internal_errors(true);
 $disableEntities = libxml_disable_entity_loader(true);
@@ -230,7 +233,7 @@ class Crawler extends \SplObjectStorage
 if ('' !== trim($content)) {
 // remove the default namespace to make XPath expressions simpler
- @$dom->loadXML(str_replace('xmlns', 'ns', $content), LIBXML_NONET | (defined('LIBXML_PARSEHUGE') ? LIBXML_PARSEHUGE : 0));
+ @$dom->loadXML(str_replace('xmlns', 'ns', $content), $options);
 }
 libxml_use_internal_errors($internalErrors);
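Review bot: The new `$options` argument of addXmlContent() replaces the parser flags instead of adding to them, so a caller that passes any value without `LIBXML_NONET` silently drops the network restriction that was unconditional in the old `loadXML()` call (second hunk, line 233). Either keep it mandatory with `@$dom->loadXML(str_replace('xmlns', 'ns', $content), $options | LIBXML_NONET);` or state in the docblock that custom options should include `LIBXML_NONET`. The added `@param` text also runs two sentences together, and a period after "constants" would make the LIBXML_PARSEHUGE warning read as a separate statement. The body of addXmlContent() continues past both hunks.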