[Security] AbstractVoter method supportsAttribute gives false positive if attribute is zero (0)
parent
e0bd2a2b08
commit
8306530e60
@ -26,7 +26,7 @@ abstract class AbstractVoter implements VoterInterface
|
|||||||
*/
|
*/
|
||||||
public function supportsAttribute($attribute)
|
public function supportsAttribute($attribute)
|
||||||
{
|
{
|
||||||
return in_array($attribute, $this->getSupportedAttributes());
|
return in_array($attribute, $this->getSupportedAttributes(), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
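Review bot: The strict flag added to `in_array` in `supportsAttribute` makes the match type-sensitive in both directions, and the visible part of the method does not tell subclass authors so. On PHP versions before 8, loose comparison treats integer `0` as equal to a non-numeric string such as `'EDIT'`, which is how a voter could claim support for an attribute it never declared. With the flag set, a subclass whose `getSupportedAttributes()` returns integer constants will presumably stop matching the numeric strings it used to accept. I would add a line to the method's docblock such as `* The comparison is strict: the attribute must match a supported attribute in type and value.` The docblock starts outside the hunk, so its current wording is not visible here.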
|
@ -16,6 +16,9 @@ use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
|
|||||||
|
|
||||||
class AbstractVoterTest extends \PHPUnit_Framework_TestCase
|
class AbstractVoterTest extends \PHPUnit_Framework_TestCase
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* @var TokenInterface
|
||||||
|
*/
|
||||||
protected $token;
|
protected $token;
|
||||||
|
|
||||||
protected function setUp()
|
protected function setUp()
|
||||||
@ -23,6 +26,9 @@ class AbstractVoterTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
$this->token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
public function getTests()
|
public function getTests()
|
||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
@ -53,6 +59,71 @@ class AbstractVoterTest extends \PHPUnit_Framework_TestCase
|
|||||||
|
|
||||||
$this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message);
|
$this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public function getSupportsAttributeData()
|
||||||
|
{
|
||||||
|
return array(
|
||||||
|
'positive_string_edit' => array(
|
||||||
|
'expected' => true,
|
||||||
|
'attribute' => 'EDIT',
|
||||||
|
'message' => 'expected TRUE given as attribute EDIT is supported',
|
||||||
|
),
|
||||||
|
'positive_string_create' => array(
|
||||||
|
'expected' => true,
|
||||||
|
'attribute' => 'CREATE',
|
||||||
|
'message' => 'expected TRUE as given attribute CREATE is supported',
|
||||||
|
),
|
||||||
|
|
||||||
|
'negative_string_read' => array(
|
||||||
|
'expected' => false,
|
||||||
|
'attribute' => 'READ',
|
||||||
|
'message' => 'expected FALSE as given attribute READ is not supported',
|
||||||
|
),
|
||||||
|
'negative_string_random' => array(
|
||||||
|
'expected' => false,
|
||||||
|
'attribute' => 'random',
|
||||||
|
'message' => 'expected FALSE as given attribute "random" is not supported',
|
||||||
|
),
|
||||||
|
'negative_string_0' => array(
|
||||||
|
'expected' => false,
|
||||||
|
'attribute' => '0',
|
||||||
|
'message' => 'expected FALSE as given attribute "0" is not supported',
|
||||||
|
),
|
||||||
|
// this set of data gives false positive if in_array is not used with strict flag set to 'true'
|
||||||
|
'negative_int_0' => array(
|
||||||
|
'expected' => false,
|
||||||
|
'attribute' => 0,
|
||||||
|
'message' => 'expected FALSE as given attribute 0 is not string',
|
||||||
|
),
|
||||||
|
'negative_int_1' => array(
|
||||||
|
'expected' => false,
|
||||||
|
'attribute' => 1,
|
||||||
|
'message' => 'expected FALSE as given attribute 1 is not string',
|
||||||
|
),
|
||||||
|
'negative_int_7' => array(
|
||||||
|
'expected' => false,
|
||||||
|
'attribute' => 7,
|
||||||
|
'message' => 'expected FALSE as attribute 7 is not string',
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider getSupportsAttributeData
|
||||||
|
*
|
||||||
|
* @param bool $expected
|
||||||
|
* @param string $attribute
|
||||||
|
* @param string $message
|
||||||
|
*/
|
||||||
|
public function testSupportsAttribute($expected, $attribute, $message)
|
||||||
|
{
|
||||||
|
$voter = new AbstractVoterTest_Voter();
|
||||||
|
|
||||||
|
$this->assertEquals($expected, $voter->supportsAttribute($attribute), $message);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class AbstractVoterTest_Voter extends AbstractVoter
|
class AbstractVoterTest_Voter extends AbstractVoter
|
||||||
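Review bot: `testSupportsAttribute` asserts with `assertEquals`, which compares loosely, so the test would still pass if `supportsAttribute` returned `0`, `null` or `''` instead of `false`. For a regression test about type juggling, `$this->assertSame($expected, $voter->supportsAttribute($attribute), $message);` pins the boolean result. The docblock's `@param string $attribute` also does not match the provider, which passes integers in the `negative_int_*` cases; `@param mixed $attribute` would be accurate.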
|