Merge branch '2.7' into 2.8

* 2.7:
  Github template: Remove EOM 3.2 from branch suggestion
  [Security] Fix security.interactive_login event const doc block
  Avoid infinite loops when profiler data is malformed
  [HttpFoundation] Generate safe fallback filename for wrongly encoded filename
This commit is contained in:
Nicolas Grekas 2017-08-06 15:41:54 +02:00
commit 684975ddf3
5 changed files with 30 additions and 8 deletions


@ -1,6 +1,6 @@
| Q | A | Q | A
| ------------- | --- | ------------- | ---
| Branch? | 3.4 or master / 2.7, 2.8, 3.2 or 3.3 <!-- see comment below --> | Branch? | 3.4 or master / 2.7, 2.8 or 3.3 <!-- see comment below -->
| Bug fix? | yes/no | Bug fix? | yes/no
| New feature? | yes/no <!-- don't forget updating src/**/CHANGELOG.md files --> | New feature? | yes/no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | yes/no | BC breaks? | yes/no


@ -150,7 +150,7 @@ class BinaryFileResponse extends Response
* Sets the Content-Disposition header with the given filename. * Sets the Content-Disposition header with the given filename.
* *
* @param string $disposition ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT * @param string $disposition ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT
* @param string $filename Optionally use this filename instead of the real name of the file * @param string $filename Optionally use this UTF-8 encoded filename instead of the real name of the file
* @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename * @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename
* *
* @return $this * @return $this
@ -162,7 +162,7 @@ class BinaryFileResponse extends Response
} }
if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || false !== strpos($filename, '%'))) { if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || false !== strpos($filename, '%'))) {
$encoding = mb_detect_encoding($filename, null, true); $encoding = mb_detect_encoding($filename, null, true) ?: '8bit';
for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) { for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) {
$char = mb_substr($filename, $i, 1, $encoding); $char = mb_substr($filename, $i, 1, $encoding);
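Review bot: The new `?: '8bit'` fallback on the mb_detect_encoding line stops the loop from running with `$encoding = false`, but nothing records why '8bit' was chosen, and the filename* parameter that setContentDisposition goes on to emit will still label the percent-encoded bytes as utf-8 when they are not (the new test in BinaryFileResponseTest pins exactly that value and calls it invalid). A comment on that line would save the next maintainer the detour: `// '8bit' makes mb_strlen/mb_substr byte-wise so an ASCII fallback can still be built when the encoding is undetectable; filename* will then carry non-UTF-8 bytes`. Given that the @param docblock now states the filename must be UTF-8, it may be worth deciding whether an undetectable encoding should be refused at this boundary instead of producing a header whose two forms disagree, though I cannot see the rest of the method to judge the impact. The method body starts before this hunk and continues after it.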


@ -68,6 +68,17 @@ class BinaryFileResponseTest extends ResponseTestCase
$this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%C3%B6%C3%B6.html', $response->headers->get('Content-Disposition')); $this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%C3%B6%C3%B6.html', $response->headers->get('Content-Disposition'));
} }
public function testSetContentDispositionGeneratesSafeFallbackFilenameForWronglyEncodedFilename()
{
$response = new BinaryFileResponse(__FILE__);
$iso88591EncodedFilename = utf8_decode('föö.html');
$response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $iso88591EncodedFilename);
// the parameter filename* is invalid in this case (rawurldecode('f%F6%F6') does not provide a UTF-8 string but an ISO-8859-1 encoded one)
$this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%F6%F6.html', $response->headers->get('Content-Disposition'));
}
/** /**
* @dataProvider provideRanges * @dataProvider provideRanges
*/ */
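Review bot: The assertion on the last added line pins `filename*=utf-8''f%F6%F6.html`, a value the comment directly above it calls invalid, so the test locks in a known-wrong header component rather than only the safe ASCII fallback that is the point of the fix. If the intent is a regression guard for the `filename="f__.html"` part, consider asserting that part on its own, e.g. `$this->assertStringStartsWith('attachment; filename="f__.html";', $response->headers->get('Content-Disposition'));`, and rewording the comment to state that the filename* value is a known limitation rather than expected output. `utf8_decode` is used here only to produce an ISO-8859-1 byte string; a literal such as `"f\xF6\xF6.html"` would make the fixture's bytes explicit and remove the dependency on that function.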


@ -144,11 +144,19 @@ class FileProfilerStorage implements ProfilerStorageInterface
} }
} }
$profileToken = $profile->getToken();
// when there are errors in sub-requests, the parent and/or children tokens
// may equal the profile token, resulting in infinite loops
$parentToken = $profile->getParentToken() !== $profileToken ? $profile->getParentToken() : null;
$childrenToken = array_filter(array_map(function ($p) use ($profileToken) {
return $profileToken !== $p->getToken() ? $p->getToken() : null;
}, $profile->getChildren()));
// Store profile // Store profile
$data = array( $data = array(
'token' => $profile->getToken(), 'token' => $profileToken,
'parent' => $profile->getParentToken(), 'parent' => $parentToken,
'children' => array_map(function ($p) { return $p->getToken(); }, $profile->getChildren()), 'children' => $childrenToken,
'data' => $profile->getCollectors(), 'data' => $profile->getCollectors(),
'ip' => $profile->getIp(), 'ip' => $profile->getIp(),
'method' => $profile->getMethod(), 'method' => $profile->getMethod(),
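Review bot: The bare `array_filter` on the children assignment removes every falsy value, not only the `null` placeholders the closure returns, and it keeps the original indices, so the stored 'children' entry becomes a sparse array whenever a child was skipped (whether a token can ever be '' or '0' I cannot tell from here). Filtering explicitly and reindexing avoids both issues: `$childrenToken = array_values(array_filter(array_map(function ($p) use ($profileToken) { return $profileToken !== $p->getToken() ? $p->getToken() : null; }, $profile->getChildren()), function ($t) { return null !== $t; }));`. The guard also only covers a parent or child whose token equals the profile's own token; a longer cycle through the stored parent/children links would presumably still loop in a recursive reader, which the commit message's "infinite loops" wording does not spell out. The enclosing method starts before this hunk and continues after it.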


@ -14,8 +14,11 @@ namespace Symfony\Component\Security\Http;
final class SecurityEvents final class SecurityEvents
{ {
/** /**
* The INTERACTIVE_LOGIN event occurs after a user is logged in * The INTERACTIVE_LOGIN event occurs after a user has actively logged
* interactively for authentication based on http, cookies or X509. * into your website. It is important to distinguish this action from
* non-interactive authentication methods, such as:
* - authentication based on your session.
* - authentication using a HTTP basic or HTTP digest header.
* *
* The event listener method receives a * The event listener method receives a
* Symfony\Component\Security\Http\Event\InteractiveLoginEvent instance. * Symfony\Component\Security\Http\Event\InteractiveLoginEvent instance.