From 9d034787feca5f10d8933c41ddc1a62ed7e76fc9 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Wed, 20 Jan 2016 20:11:57 +0100 Subject: [PATCH 1/3] tag for dumped PHP objects must be a local one --- src/Symfony/Component/Yaml/Inline.php | 12 ++++++- .../Component/Yaml/Tests/DumperTest.php | 2 +- .../Component/Yaml/Tests/ParserTest.php | 34 +++++++++++++++---- 3 files changed, 40 insertions(+), 8 deletions(-) diff --git a/src/Symfony/Component/Yaml/Inline.php b/src/Symfony/Component/Yaml/Inline.php index ca419e0565..eafcbc7ab0 100644 --- a/src/Symfony/Component/Yaml/Inline.php +++ b/src/Symfony/Component/Yaml/Inline.php @@ -102,7 +102,7 @@ class Inline return 'null'; case is_object($value): if ($objectSupport) { - return '!!php/object:'.serialize($value); + return '!php/object:'.serialize($value); } if ($exceptionOnInvalidType) { @@ -434,6 +434,16 @@ class Inline return (string) substr($scalar, 5); case 0 === strpos($scalar, '! '): return (int) self::parseScalar(substr($scalar, 2)); + case 0 === strpos($scalar, '!php/object:'): + if (self::$objectSupport) { + return unserialize(substr($scalar, 12)); + } + + if (self::$exceptionOnInvalidType) { + throw new ParseException('Object support when parsing a YAML file has been disabled.'); + } + + return; case 0 === strpos($scalar, '!!php/object:'): if (self::$objectSupport) { return unserialize(substr($scalar, 13)); diff --git a/src/Symfony/Component/Yaml/Tests/DumperTest.php b/src/Symfony/Component/Yaml/Tests/DumperTest.php index 1d81a287ae..b1c44c44be 100644 --- a/src/Symfony/Component/Yaml/Tests/DumperTest.php +++ b/src/Symfony/Component/Yaml/Tests/DumperTest.php @@ -181,7 +181,7 @@ EOF; { $dump = $this->dumper->dump(array('foo' => new A(), 'bar' => 1), 0, 0, false, true); - $this->assertEquals('{ foo: !!php/object:O:30:"Symfony\Component\Yaml\Tests\A":1:{s:1:"a";s:3:"foo";}, bar: 1 }', $dump, '->dump() is able to dump objects'); + $this->assertEquals('{ foo: !php/object:O:30:"Symfony\Component\Yaml\Tests\A":1:{s:1:"a";s:3:"foo";}, bar: 1 }', $dump, '->dump() is able to dump objects'); } public function testObjectSupportDisabledButNoExceptions() diff --git a/src/Symfony/Component/Yaml/Tests/ParserTest.php b/src/Symfony/Component/Yaml/Tests/ParserTest.php index 9d6d42befe..34cc81b2d3 100644 --- a/src/Symfony/Component/Yaml/Tests/ParserTest.php +++ b/src/Symfony/Component/Yaml/Tests/ParserTest.php @@ -426,24 +426,46 @@ foo: !!php/object:O:30:"Symfony\Component\Yaml\Tests\B":1:{s:1:"b";s:3:"foo";} bar: 1 EOF; $this->assertEquals(array('foo' => new B(), 'bar' => 1), $this->parser->parse($input, false, true), '->parse() is able to parse objects'); - } - public function testObjectSupportDisabledButNoExceptions() - { $input = <<assertEquals(array('foo' => new B(), 'bar' => 1), $this->parser->parse($input, false, true), '->parse() is able to parse objects'); + } + /** + * @dataProvider invalidDumpedObjectProvider + */ + public function testObjectSupportDisabledButNoExceptions($input) + { $this->assertEquals(array('foo' => null, 'bar' => 1), $this->parser->parse($input), '->parse() does not parse objects'); } /** + * @dataProvider invalidDumpedObjectProvider * @expectedException \Symfony\Component\Yaml\Exception\ParseException */ - public function testObjectsSupportDisabledWithExceptions() + public function testObjectsSupportDisabledWithExceptions($yaml) { - $this->parser->parse('foo: !!php/object:O:30:"Symfony\Tests\Component\Yaml\B":1:{s:1:"b";s:3:"foo";}', true, false); + $this->parser->parse($yaml, true, false); + } + + public function invalidDumpedObjectProvider() + { + $yamlTag = << array($yamlTag), + 'local-tag' => array($localTag), + ); } /** From 53ebfda33ea6a0262c3cf49fce96b6b091182bba Mon Sep 17 00:00:00 2001 From: Jakub Zalas Date: Thu, 21 Jan 2016 15:41:38 +0000 Subject: [PATCH 2/3] [HttpFoundation] Do not overwrite the Authorization header if it is already set --- .../Component/HttpFoundation/ServerBag.php | 4 ++++ .../HttpFoundation/Tests/ServerBagTest.php | 15 +++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/Symfony/Component/HttpFoundation/ServerBag.php b/src/Symfony/Component/HttpFoundation/ServerBag.php index fa1cb2fc9f..0d38c08ac0 100644 --- a/src/Symfony/Component/HttpFoundation/ServerBag.php +++ b/src/Symfony/Component/HttpFoundation/ServerBag.php @@ -86,6 +86,10 @@ class ServerBag extends ParameterBag } } + if (isset($headers['AUTHORIZATION'])) { + return $headers; + } + // PHP_AUTH_USER/PHP_AUTH_PW if (isset($headers['PHP_AUTH_USER'])) { $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']); diff --git a/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php b/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php index 20773c4d7a..41e44e1005 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php @@ -151,4 +151,19 @@ class ServerBagTest extends \PHPUnit_Framework_TestCase 'AUTHORIZATION' => $headerContent, ), $bag->getHeaders()); } + + /** + * @see https://github.com/symfony/symfony/issues/17345 + */ + public function testItDoesNotOverwriteTheAuthorizationHeaderIfItIsAlreadySet() + { + $headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo'; + $bag = new ServerBag(array('PHP_AUTH_USER' => 'foo', 'HTTP_AUTHORIZATION' => $headerContent)); + + $this->assertEquals(array( + 'AUTHORIZATION' => $headerContent, + 'PHP_AUTH_USER' => 'foo', + 'PHP_AUTH_PW' => '', + ), $bag->getHeaders()); + } } From bf56d2fc17715fb05660fa9e6306a012e9d12384 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Par=C3=A1da=20J=C3=B3zsef?= Date: Fri, 22 Jan 2016 17:31:58 +0100 Subject: [PATCH 3/3] [SecurityBundle] Optimize dependency injection tests --- .../DependencyInjection/CompleteConfigurationTest.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index 86ddb828f5..0e7736aa2b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php @@ -19,6 +19,8 @@ use Symfony\Component\DependencyInjection\ContainerBuilder; abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase { + private static $containerCache = array(); + abstract protected function loadFromFile(ContainerBuilder $container, $file); public function testRolesHierarchy() @@ -182,6 +184,9 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase protected function getContainer($file) { + if (isset(self::$containerCache[$file])) { + return self::$containerCache[$file]; + } $container = new ContainerBuilder(); $security = new SecurityExtension(); $container->registerExtension($security); @@ -194,6 +199,6 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase $container->getCompilerPassConfig()->setRemovingPasses(array()); $container->compile(); - return $container; + return self::$containerCache[$file] = $container; } }