[FrameworkBundle] Detect indirect env vars in routing

Roland Franssen 2019-07-31 19:45:44 +02:00 committed by Fabien Potencier
parent f0c666925a
commit ceaa1b33d0
2 changed files with 21 additions and 4 deletions


@ -147,7 +147,7 @@ class Router extends BaseRouter implements WarmableInterface, ServiceSubscriberI
return '%%'; return '%%';
} }
if (preg_match('/^env\(\w+\)$/', $match[1])) { if (preg_match('/^env\((?:\w++:)*+\w++\)$/', $match[1])) {
throw new RuntimeException(sprintf('Using "%%%s%%" is not allowed in routing configuration.', $match[1])); throw new RuntimeException(sprintf('Using "%%%s%%" is not allowed in routing configuration.', $match[1]));
} }
@ -156,7 +156,7 @@ class Router extends BaseRouter implements WarmableInterface, ServiceSubscriberI
if (\is_string($resolved) || is_numeric($resolved)) { if (\is_string($resolved) || is_numeric($resolved)) {
$this->collectedParameters[$match[1]] = $resolved; $this->collectedParameters[$match[1]] = $resolved;
return (string) $resolved; return (string) $this->resolve($resolved);
} }
throw new RuntimeException(sprintf('The container parameter "%s", used in the route configuration value "%s", must be a string or numeric, but it is of type %s.', $match[1], $value, \gettype($resolved))); throw new RuntimeException(sprintf('The container parameter "%s", used in the route configuration value "%s", must be a string or numeric, but it is of type %s.', $match[1], $value, \gettype($resolved)));
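Review bot: The widened pattern on the `preg_match` line still rejects only env placeholders whose processor prefixes consist of `\w` characters, so a name such as `env(default:some.param:FOO)` (constructed example) would pass this guard if the container accepts dots or dashes in processor arguments; that is worth confirming against the env placeholder grammar. A fail-closed form would reject anything shaped like an env reference, e.g. `if (0 === strpos($match[1], 'env(') && ')' === substr($match[1], -1)) {`. In the second hunk, `$this->resolve($resolved)` now recurses on parameter values with no depth or cycle guard visible, so a self-referencing parameter on a non-compiled container may recurse without bound; resolve() starts and ends outside both hunks, so a guard may exist elsewhere.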


@ -14,6 +14,7 @@ namespace Symfony\Bundle\FrameworkBundle\Tests\Routing;
use PHPUnit\Framework\TestCase; use PHPUnit\Framework\TestCase;
use Symfony\Bundle\FrameworkBundle\Routing\Router; use Symfony\Bundle\FrameworkBundle\Routing\Router;
use Symfony\Component\DependencyInjection\Config\ContainerParametersResource; use Symfony\Component\DependencyInjection\Config\ContainerParametersResource;
use Symfony\Component\DependencyInjection\Exception\RuntimeException;
use Symfony\Component\Routing\Route; use Symfony\Component\Routing\Route;
use Symfony\Component\Routing\RouteCollection; use Symfony\Component\Routing\RouteCollection;
@ -122,13 +123,13 @@ class RouterTest extends TestCase
$routes->add('foo', new Route('/before/%parameter.foo%/after/%%escaped%%')); $routes->add('foo', new Route('/before/%parameter.foo%/after/%%escaped%%'));
$sc = $this->getServiceContainer($routes); $sc = $this->getServiceContainer($routes);
$sc->setParameter('parameter.foo', 'foo'); $sc->setParameter('parameter.foo', 'foo-%%escaped%%');
$router = new Router($sc, 'foo'); $router = new Router($sc, 'foo');
$route = $router->getRouteCollection()->get('foo'); $route = $router->getRouteCollection()->get('foo');
$this->assertEquals( $this->assertEquals(
'/before/foo/after/%escaped%', '/before/foo-%escaped%/after/%escaped%',
$route->getPath() $route->getPath()
); );
} }
@ -147,6 +148,22 @@ class RouterTest extends TestCase
$router->getRouteCollection(); $router->getRouteCollection();
} }
public function testIndirectEnvPlaceholders()
{
$routes = new RouteCollection();
$routes->add('foo', new Route('/%foo%'));
$router = new Router($container = $this->getServiceContainer($routes), 'foo');
$container->setParameter('foo', 'foo-%bar%');
$container->setParameter('bar', '%env(string:FOO)%');
$this->expectException(RuntimeException::class);
$this->expectExceptionMessage('Using "%env(string:FOO)%" is not allowed in routing configuration.');
$router->getRouteCollection();
}
public function testHostPlaceholders() public function testHostPlaceholders()
{ {
$routes = new RouteCollection(); $routes = new RouteCollection();
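Review bot: `testIndirectEnvPlaceholders` exercises only a single-processor placeholder (`%env(string:FOO)%`), so the `(?:\w++:)*+` repetition introduced in the Router pattern is never driven past one prefix. A second case with chained processors, e.g. `$container->setParameter('bar', '%env(json:file:FOO)%');` (constructed value), and one with a bare `%env(FOO)%` reached through `%bar%`, would pin both ends of the pattern. The inline assignment in `new Router($container = $this->getServiceContainer($routes), 'foo')` would read more clearly as a separate statement, as the neighbouring tests do with `$sc`.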