bug #40506 [Validator] Avoid triggering the autoloader for user-input values (Seldaek)

This PR was squashed before being merged into the 4.4 branch.

Discussion
----------

[Validator] Avoid triggering the autoloader for user-input values

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       |
| License       | MIT
| Doc PR        |

Following-up to https://twitter.com/seldaek/status/1372450636361502721 - mostly to see if the build passes or if this breaks some undocumented/unclear-to-me assumptions.

Essentially using the `Valid` constraint should only validate objects if they exist as objects. If a user sends a string and that gets assigned to a property, `Valid` should not attempt autoloading that user-given string.

As far as I can tell, this is used in two places:

- acb32dd396/src/Symfony/Component/Validator/Validator/RecursiveContextualValidator.php (L364-L365) where non-objects are anyway ignored, so this change is harmless there.
- acb32dd396/src/Symfony/Component/Validator/Validator/RecursiveContextualValidator.php (L652-L660) where it's explicitly passing anything in there to get the proper exception, so my change makes sure that exception is thrown *before* autoloading attempts.

I am just not 100% sure if there are cases where validateGenericNode will receive a class name as a string to validate in $value. I can't imagine why it would but that doesn't mean it's true.

Commits
-------

e45eb23ba2 [Validator] Avoid triggering the autoloader for user-input values
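
The behaviour the PR description is about, as an added example that is not part of the commit or of Symfony's code: `lookupMetadata()` is a hypothetical stand-in for a metadata lookup that accepts a class-name string and calls `class_exists()`, and the input value is constructed. A spy autoloader records what each path asks PHP to load.

```php
<?php
// Added illustration; lookupMetadata() and both validate*() helpers are hypothetical.

$autoloadAttempts = [];
// Spy autoloader: records every class name PHP asks it to load.
spl_autoload_register(function (string $class) use (&$autoloadAttempts): void {
    $autoloadAttempts[] = $class;
});

final class NoMetadata extends RuntimeException {}

// Stand-in for a metadata lookup that accepts an object or a class-name string.
function lookupMetadata($value): string
{
    $class = \is_object($value) ? \get_class($value) : (string) $value;
    if (!class_exists($class)) { // class_exists() invokes the autoloader by default
        throw new NoMetadata(sprintf('No metadata for "%s".', $class));
    }
    return $class;
}

// Before: whatever sits in the property is handed straight to the lookup.
function validateUnguarded($value): void
{
    lookupMetadata($value);
}

// After: non-objects are rejected first, and only their type is reported.
function validateGuarded($value): void
{
    if (!\is_object($value)) {
        throw new NoMetadata(sprintf('Cannot create metadata for non-objects. Got: "%s".', \gettype($value)));
    }
    lookupMetadata($value);
}

$userInput = 'App\\Constructed\\NotARealClass'; // constructed request value

foreach (['validateUnguarded', 'validateGuarded'] as $validate) {
    $autoloadAttempts = [];
    try {
        $validate($userInput);
    } catch (NoMetadata $e) {
        // Both paths fail with the same exception type; only the side effect differs.
    }
    printf("%-18s autoloader asked for: %s\n", $validate, implode(', ', $autoloadAttempts) ?: '(nothing)');
}
```

Both paths reject the value; the difference to look for in the output is whether the request-supplied string was passed to the autoloader before the rejection.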
commit
689056ef7f
@ -656,8 +656,10 @@ class RecursiveContextualValidator implements ContextualValidatorInterface
return;
}
// If the value is a scalar, pass it anyway, because we want
// a NoSuchMetadataException to be thrown in that case
if (!\is_object($value)) {
throw new NoSuchMetadataException(sprintf('Cannot create metadata for non-objects. Got: "%s".', \gettype($value)));
}
$this->validateObject(
$value,
$propertyPath,
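
Review bot: The two comment lines directly above the `if (!\is_object($value))` guard are now stale: they still say the scalar is passed on ("pass it anyway") so that a NoSuchMetadataException is thrown later, while the guard throws that exception right here, before `$this->validateObject(` is reached. Reword the comment to say that non-objects are rejected early so a user-supplied string is never used for a class lookup. Reporting only `\gettype($value)` in the message, rather than the value itself, is the right call since the value is request data. No test is visible alongside this hunk; a regression test that registers a recording autoloader, validates a string-valued property, and asserts the autoloader was never called would pin the behaviour down.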