Merge branch '2.8' into 3.4
* 2.8: [SecurityBundle] Backport test [Security] fix merge of 2.7 into 2.8 + add test case backport regression test from 3.4 Fix misspelling variable [DI] minor: use a strict comparision in setDecoratedService Follow-on to #25825: Fix edge case in getParameterOption. keep the context when validating forms
This commit is contained in:
Christian Flothmann
commit
05a045268f
@ -282,7 +282,11 @@ class ArgvInput extends Input
|
||||
return false;
|
||||
}
|
||||
foreach ($values as $value) {
|
||||
if ($token === $value || 0 === strpos($token, $value.'=')) {
|
||||
// Options with values:
|
||||
// For long options, test for '--option=' at beginning
|
||||
// For short options, test for '-o' at beginning
|
||||
$leading = 0 === strpos($value, '--') ? $value.'=' : $value;
|
||||
if ($token === $value || 0 === strpos($token, $leading)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@ -306,13 +310,16 @@ class ArgvInput extends Input
|
||||
}
|
||||
|
||||
foreach ($values as $value) {
|
||||
if ($token === $value || 0 === strpos($token, $value.'=')) {
|
||||
if (false !== $pos = strpos($token, '=')) {
|
||||
return substr($token, $pos + 1);
|
||||
}
|
||||
|
||||
if ($token === $value) {
|
||||
return array_shift($tokens);
|
||||
}
|
||||
// Options with values:
|
||||
// For long options, test for '--option=' at beginning
|
||||
// For short options, test for '-o' at beginning
|
||||
$leading = 0 === strpos($value, '--') ? $value.'=' : $value;
|
||||
if (0 === strpos($token, $leading)) {
|
||||
return substr($token, strlen($leading));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -33,6 +33,8 @@ interface InputInterface
|
||||
*
|
||||
* This method is to be used to introspect the input parameters
|
||||
* before they have been validated. It must be used carefully.
|
||||
* Does not necessarily return the correct result for short options
|
||||
* when multiple flags are combined in the same option.
|
||||
*
|
||||
* @param string|array $values The values to look for in the raw parameters (can be an array)
|
||||
* @param bool $onlyParams Only check real parameters, skip those following an end of options (--) signal
|
||||
@ -46,6 +48,8 @@ interface InputInterface
|
||||
*
|
||||
* This method is to be used to introspect the input parameters
|
||||
* before they have been validated. It must be used carefully.
|
||||
* Does not necessarily return the correct result for short options
|
||||
* when multiple flags are combined in the same option.
|
||||
*
|
||||
* @param string|array $values The value(s) to look for in the raw parameters (can be an array)
|
||||
* @param mixed $default The default value to return if no result is found
|
||||
|
||||
@ -314,6 +314,10 @@ class ArgvInputTest extends TestCase
|
||||
$input = new ArgvInput(array('cli.php', '-f', 'foo'));
|
||||
$this->assertTrue($input->hasParameterOption('-f'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
|
||||
$input = new ArgvInput(array('cli.php', '-etest'));
|
||||
$this->assertTrue($input->hasParameterOption('-e'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
$this->assertFalse($input->hasParameterOption('-s'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
|
||||
$input = new ArgvInput(array('cli.php', '--foo', 'foo'));
|
||||
$this->assertTrue($input->hasParameterOption('--foo'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
|
||||
@ -339,6 +343,33 @@ class ArgvInputTest extends TestCase
|
||||
$this->assertFalse($input->hasParameterOption('--foo', true), '->hasParameterOption() returns false if the given option is in the raw input but after an end of options signal');
|
||||
}
|
||||
|
||||
public function testHasParameterOptionEdgeCasesAndLimitations()
|
||||
{
|
||||
$input = new ArgvInput(array('cli.php', '-fh'));
|
||||
// hasParameterOption does not know if the previous short option, -f,
|
||||
// takes a value or not. If -f takes a value, then -fh does NOT include
|
||||
// -h; Otherwise it does. Since we do not know which short options take
|
||||
// values, hasParameterOption does not support this use-case.
|
||||
$this->assertFalse($input->hasParameterOption('-h'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
// hasParameterOption does detect that `-fh` contains `-f`, since
|
||||
// `-f` is the first short option in the set.
|
||||
$this->assertTrue($input->hasParameterOption('-f'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
// The test below happens to pass, although it might make more sense
|
||||
// to disallow it, and require the use of
|
||||
// $input->hasParameterOption('-f') && $input->hasParameterOption('-h')
|
||||
// instead.
|
||||
$this->assertTrue($input->hasParameterOption('-fh'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
// In theory, if -fh is supported, then -hf should also work.
|
||||
// However, this is not supported.
|
||||
$this->assertFalse($input->hasParameterOption('-hf'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
|
||||
$input = new ArgvInput(array('cli.php', '-f', '-h'));
|
||||
// If hasParameterOption('-fh') is supported for 'cli.php -fh', then
|
||||
// one might also expect that it should also be supported for
|
||||
// 'cli.php -f -h'. However, this is not supported.
|
||||
$this->assertFalse($input->hasParameterOption('-fh'), '->hasParameterOption() returns true if the given short option is in the raw input');
|
||||
}
|
||||
|
||||
public function testToString()
|
||||
{
|
||||
$input = new ArgvInput(array('cli.php', '-f', 'foo'));
|
||||
|
||||
@ -129,7 +129,7 @@ class Definition
|
||||
*/
|
||||
public function setDecoratedService($id, $renamedId = null, $priority = 0)
|
||||
{
|
||||
if ($renamedId && $id == $renamedId) {
|
||||
if ($renamedId && $id === $renamedId) {
|
||||
throw new InvalidArgumentException(sprintf('The decorated service inner name for "%s" must be different than the service name itself.', $id));
|
||||
}
|
||||
|
||||
|
||||
@ -113,6 +113,7 @@ class FormValidator extends ConstraintValidator
|
||||
? (string) $form->getViewData()
|
||||
: gettype($form->getViewData());
|
||||
|
||||
$this->context->setConstraint($constraint);
|
||||
$this->context->buildViolation($config->getOption('invalid_message'))
|
||||
->setParameters(array_replace(array('{{ value }}' => $clientDataAsString), $config->getOption('invalid_message_parameters')))
|
||||
->setInvalidValue($form->getViewData())
|
||||
@ -124,6 +125,7 @@ class FormValidator extends ConstraintValidator
|
||||
|
||||
// Mark the form with an error if it contains extra fields
|
||||
if (!$config->getOption('allow_extra_fields') && count($form->getExtraData()) > 0) {
|
||||
$this->context->setConstraint($constraint);
|
||||
$this->context->buildViolation($config->getOption('extra_fields_message'))
|
||||
->setParameter('{{ extra_fields }}', implode('", "', array_keys($form->getExtraData())))
|
||||
->setInvalidValue($form->getExtraData())
|
||||
|
||||
@ -51,6 +51,8 @@ class FormValidatorTest extends ConstraintValidatorTestCase
|
||||
$this->serverParams = $this->getMockBuilder('Symfony\Component\Form\Extension\Validator\Util\ServerParams')->setMethods(array('getNormalizedIniPostMaxSize', 'getContentLength'))->getMock();
|
||||
|
||||
parent::setUp();
|
||||
|
||||
$this->constraint = new Form();
|
||||
}
|
||||
|
||||
protected function createValidator()
|
||||
|
||||
@ -2148,11 +2148,11 @@ class RequestTest extends TestCase
|
||||
/**
|
||||
* @dataProvider methodCacheableProvider
|
||||
*/
|
||||
public function testMethodCacheable($method, $chacheable)
|
||||
public function testMethodCacheable($method, $cacheable)
|
||||
{
|
||||
$request = new Request();
|
||||
$request->setMethod($method);
|
||||
$this->assertEquals($chacheable, $request->isMethodCacheable());
|
||||
$this->assertEquals($cacheable, $request->isMethodCacheable());
|
||||
}
|
||||
|
||||
public function methodCacheableProvider()
|
||||
|
||||
@ -185,6 +185,8 @@ class EmptyDocBlock
|
||||
class OmittedParamTagTypeDocBlock
|
||||
{
|
||||
/**
|
||||
* The type is omitted here to ensure that the extractor doesn't choke on missing types.
|
||||
*
|
||||
* @param $omittedTagType
|
||||
*/
|
||||
public function setOmittedType(array $omittedTagType)
|
||||
|
||||
@ -77,9 +77,13 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
||||
}
|
||||
}
|
||||
|
||||
$requestBag = $this->options['post_only'] ? $request->request : $request;
|
||||
$username = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['username_parameter']);
|
||||
$password = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['password_parameter']);
|
||||
if ($this->options['post_only']) {
|
||||
$username = ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']);
|
||||
$password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
|
||||
} else {
|
||||
$username = ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']);
|
||||
$password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
|
||||
}
|
||||
|
||||
if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
|
||||
throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
|
||||
|
||||
@ -77,14 +77,14 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider postOnlyDataProvider
|
||||
* @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
|
||||
* @expectedExceptionMessage The key "_username" must be a string, "array" given.
|
||||
*/
|
||||
public function testHandleNonStringUsername()
|
||||
public function testHandleNonStringUsername($postOnly)
|
||||
{
|
||||
$request = Request::create('/login_check', 'POST', array('_username' => array()));
|
||||
$request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
|
||||
|
||||
$listener = new UsernamePasswordFormAuthenticationListener(
|
||||
new TokenStorage(),
|
||||
$this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
|
||||
@ -93,14 +93,20 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
|
||||
'foo',
|
||||
new DefaultAuthenticationSuccessHandler($httpUtils),
|
||||
new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
|
||||
array('require_previous_session' => false)
|
||||
array('require_previous_session' => false, 'post_only' => $postOnly)
|
||||
);
|
||||
|
||||
$event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
|
||||
|
||||
$listener->handle($event);
|
||||
}
|
||||
|
||||
public function postOnlyDataProvider()
|
||||
{
|
||||
return array(
|
||||
array(true),
|
||||
array(false),
|
||||
);
|
||||
}
|
||||
|
||||
public function getUsernameForLength()
|
||||
{
|
||||
return array(
|
||||
|
||||
Reference in New Issue
Block a user