From 9e8231ff0b85b42a9f57fcf6d4f488a0535deedd Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 15 Dec 2017 06:43:42 +0100 Subject: [PATCH 1/9] [FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded --- .../DependencyInjection/Configuration.php | 10 +++++++++- .../DependencyInjection/FrameworkExtension.php | 9 +++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php index d5030fc9fe..9430c8775d 100644 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php +++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php @@ -21,6 +21,7 @@ use Symfony\Component\Config\Definition\ConfigurationInterface; use Symfony\Component\Form\Form; use Symfony\Component\Lock\Lock; use Symfony\Component\Lock\Store\SemaphoreStore; +use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; use Symfony\Component\Serializer\Serializer; use Symfony\Component\Translation\Translator; use Symfony\Component\Validator\Validation; @@ -142,7 +143,14 @@ class Configuration implements ConfigurationInterface $rootNode ->children() ->arrayNode('csrf_protection') - ->canBeEnabled() + ->treatFalseLike(array('enabled' => false)) + ->treatTrueLike(array('enabled' => true)) + ->treatNullLike(array('enabled' => true)) + ->addDefaultsIfNotSet() + ->children() + // defaults to framework.session.enabled && !class_exists(FullStack::class) && interface_exists(CsrfTokenManagerInterface::class) + ->booleanNode('enabled')->defaultNull()->end() + ->end() ->end() ->end() ; diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php index 6f972ceaf4..ac0aa7e703 100644 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php 
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php @@ -17,6 +17,7 @@ use Symfony\Bridge\Monolog\Processor\DebugProcessor; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Symfony\Bundle\FrameworkBundle\Routing\AnnotatedRouteControllerLoader; +use Symfony\Bundle\FullStack; use Symfony\Component\Cache\Adapter\AbstractAdapter; use Symfony\Component\Cache\Adapter\AdapterInterface; use Symfony\Component\Cache\Adapter\ArrayAdapter; @@ -63,6 +64,7 @@ use Symfony\Component\PropertyInfo\PropertyTypeExtractorInterface; use Symfony\Component\Routing\Loader\AnnotationDirectoryLoader; use Symfony\Component\Routing\Loader\AnnotationFileLoader; use Symfony\Component\Security\Core\Security; +use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; use Symfony\Component\Serializer\Encoder\DecoderInterface; use Symfony\Component\Serializer\Encoder\EncoderInterface; use Symfony\Component\Serializer\Mapping\Factory\CacheClassMetadataFactory; @@ -229,6 +231,11 @@ class FrameworkExtension extends Extension $this->registerRequestConfiguration($config['request'], $container, $loader); } + if (null === $config['csrf_protection']['enabled']) { + $config['csrf_protection']['enabled'] = $this->sessionConfigEnabled && !class_exists(FullStack::class) && interface_exists(CsrfTokenManagerInterface::class); + } + $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader); + if ($this->isConfigEnabled($container, $config['form'])) { if (!class_exists('Symfony\Component\Form\Form')) { throw new LogicException('Form support cannot be enabled as the Form component is not installed.'); 
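Review bot: The computed default in the `null === $config['csrf_protection']['enabled']` branch leaves CSRF protection off without any signal when sessions are disabled or the full-stack package is present, and nothing at this site says why `FullStack` opts out. A short comment above the assignment would help, for example `// not configured explicitly: enable only when sessions are on, security-csrf is installed and this is not a full-stack install`. The reason full-stack is excluded is not visible here and should be stated by someone who knows it. The expression also relies on `$this->sessionConfigEnabled` already being set at this point in `load()`, which starts and ends outside the hunk, so the ordering deserves a check.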
@@ -249,8 +256,6 @@ class FrameworkExtension extends Extension $container->removeDefinition('console.command.form_debug'); } - $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader); - if ($this->isConfigEnabled($container, $config['assets'])) { if (!class_exists('Symfony\Component\Asset\Package')) { throw new LogicException('Asset support cannot be enabled as the Asset component is not installed.'); From 8f095683d0ce6cf725abe93738075d33655af996 Mon Sep 17 00:00:00 2001 From: Robin Chalas Date: Tue, 2 Jan 2018 16:28:00 +0100 Subject: [PATCH 2/9] [Security] Fix fatal error on non string username --- .../SimpleFormAuthenticationListener.php | 17 ++++++---- ...namePasswordFormAuthenticationListener.php | 15 +++++---- ...PasswordFormAuthenticationListenerTest.php | 32 +++++++++++++++++++ 3 files changed, 51 insertions(+), 13 deletions(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php index cf61d83d43..9b6bfd1a3f 100644 --- a/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php @@ -15,6 +15,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter; use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Security\Core\Exception\InvalidArgumentException; use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; use Symfony\Component\Security\Csrf\CsrfToken; 
@@ -107,15 +108,17 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener } } - if ($this->options['post_only']) { - $username = trim($request->request->get($this->options['username_parameter'], null, true)); - $password = $request->request->get($this->options['password_parameter'], null, true); - } else { - $username = trim($request->get($this->options['username_parameter'], null, true)); - $password = $request->get($this->options['password_parameter'], null, true); + $requestBag = $this->options['post_only'] ? $request->request : $request; + $username = $requestBag->get($this->options['username_parameter'], null, true); + $password = $requestBag->get($this->options['password_parameter'], null, true); + + if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) { + throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username))); } - if (strlen($username) > Security::MAX_USERNAME_LENGTH) { + $username = trim($username); + + if (\strlen($username) > Security::MAX_USERNAME_LENGTH) { throw new BadCredentialsException('Invalid username.'); } diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index ba4329b0ea..edcd3f2ef3 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php 
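Review bot: The new guard `!\is_string($username) || (\is_object($username) && ...)` reduces to `!\is_string($username)`, because the right-hand clause is only evaluated when the value is a string and so can never be true. As written, a stringable object is rejected, and so is a request that omits the username parameter (`null`), which previously went through `trim()` and failed later as bad credentials. If stringable objects are meant to pass, the condition would be `if (!\is_string($username) && (!\is_object($username) || !\method_exists($username, '__toString'))) {`; whether a missing username should become a 400 is worth deciding explicitly and covering with a test. `$password` is read from the same bag without any type check, so an array value still continues past this hunk. The identical guard is added in UsernamePasswordFormAuthenticationListener (hunk `@@ -84,14 +85,16 @@`), and the enclosing method starts and ends outside both hunks.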
@@ -15,6 +15,7 @@ use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter; use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; use Psr\Log\LoggerInterface; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Security\Csrf\CsrfToken; use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface; @@ -84,14 +85,16 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL } } - if ($this->options['post_only']) { - $username = trim($request->request->get($this->options['username_parameter'], null, true)); - $password = $request->request->get($this->options['password_parameter'], null, true); - } else { - $username = trim($request->get($this->options['username_parameter'], null, true)); - $password = $request->get($this->options['password_parameter'], null, true); + $requestBag = $this->options['post_only'] ? $request->request : $request; + $username = $requestBag->get($this->options['username_parameter'], null, true); + $password = $requestBag->get($this->options['password_parameter'], null, true); + + if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) { + throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username))); } + $username = trim($username); + if (strlen($username) > Security::MAX_USERNAME_LENGTH) { throw new BadCredentialsException('Invalid username.'); } diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php index 62b4c48f92..2e99f70e7e 100644 
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php @@ -14,8 +14,15 @@ namespace Symfony\Component\Security\Tests\Http\Firewall; use PHPUnit\Framework\TestCase; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\GetResponseEvent; +use Symfony\Component\HttpKernel\HttpKernelInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage; +use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler; +use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler; use Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener; use Symfony\Component\Security\Core\SecurityContextInterface; +use Symfony\Component\Security\Http\HttpUtils; +use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy; class UsernamePasswordFormAuthenticationListenerTest extends TestCase { 
@@ -69,6 +76,31 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase $listener->handle($event); } + /** + * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException + * @expectedExceptionMessage The key "_username" must be a string, "array" given. + */ + public function testHandleNonStringUsername() + { + $request = Request::create('/login_check', 'POST', array('_username' => array())); + $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock()); + + $listener = new UsernamePasswordFormAuthenticationListener( + new TokenStorage(), + $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(), + new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE), + $httpUtils = new HttpUtils(), + 'foo', + new DefaultAuthenticationSuccessHandler($httpUtils), + new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils), + array('require_previous_session' => false) + ); + + $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST); + + $listener->handle($event); + } + public function getUsernameForLength() { return array( From 927a75ac3eb81853fafb211bc04b8356ad3b45d1 Mon Sep 17 00:00:00 2001 From: Samuel ROZE Date: Mon, 15 Jan 2018 10:33:10 +0000 Subject: [PATCH 3/9] Make sure we only build once and have one time the prefix when importing routes --- .../Routing/RouteCollectionBuilder.php | 6 ++--- .../Tests/RouteCollectionBuilderTest.php | 26 +++++++++++++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Component/Routing/RouteCollectionBuilder.php b/src/Symfony/Component/Routing/RouteCollectionBuilder.php index 1d9c857aa2..e8a9a165d6 100644 
--- a/src/Symfony/Component/Routing/RouteCollectionBuilder.php +++ b/src/Symfony/Component/Routing/RouteCollectionBuilder.php @@ -76,11 +76,11 @@ class RouteCollectionBuilder foreach ($collection->getResources() as $resource) { $builder->addResource($resource); } - - // mount into this builder - $this->mount($prefix, $builder); } + // mount into this builder + $this->mount($prefix, $builder); + return $builder; } diff --git a/src/Symfony/Component/Routing/Tests/RouteCollectionBuilderTest.php b/src/Symfony/Component/Routing/Tests/RouteCollectionBuilderTest.php index 6fc592affc..f6af600bd4 100644 --- a/src/Symfony/Component/Routing/Tests/RouteCollectionBuilderTest.php +++ b/src/Symfony/Component/Routing/Tests/RouteCollectionBuilderTest.php @@ -335,4 +335,30 @@ class RouteCollectionBuilderTest extends TestCase // there are 2 routes (i.e. with non-conflicting names) $this->assertCount(3, $collection->all()); } + + public function testAddsThePrefixOnlyOnceWhenLoadingMultipleCollections() + { + $firstCollection = new RouteCollection(); + $firstCollection->add('a', new Route('/a')); + + $secondCollection = new RouteCollection(); + $secondCollection->add('b', new Route('/b')); + + $loader = $this->getMockBuilder('Symfony\Component\Config\Loader\LoaderInterface')->getMock(); + $loader->expects($this->any()) + ->method('supports') + ->will($this->returnValue(true)); + $loader + ->expects($this->any()) + ->method('load') + ->will($this->returnValue(array($firstCollection, $secondCollection))); + + $routeCollectionBuilder = new RouteCollectionBuilder($loader); + $routeCollectionBuilder->import('/directory/recurse/*', '/other/', 'glob'); + $routes = $routeCollectionBuilder->build()->all(); + + $this->assertEquals(2, count($routes)); + $this->assertEquals('/other/a', $routes['a']->getPath()); + $this->assertEquals('/other/b', $routes['b']->getPath()); + } } From 0f79d09a100ab3dbff94cd4c6c04b6cfac227a37 Mon Sep 17 00:00:00 2001 
From: Yanick Witschi Date: Mon, 15 Jan 2018 16:19:42 +0100 Subject: [PATCH 4/9] Fixed Request::__toString ignoring cookies --- src/Symfony/Component/HttpFoundation/Request.php | 14 +++++++++++++- .../Component/HttpFoundation/Tests/RequestTest.php | 12 +++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index 7a24f1cf85..ce7258acd6 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -496,9 +496,21 @@ class Request return trigger_error($e, E_USER_ERROR); } + $cookieHeader = ''; + $cookies = array(); + + foreach ($this->cookies as $k => $v) { + $cookies[] = $k.'='.$v; + } + + if (!empty($cookies)) { + $cookieHeader = 'Cookie: '.implode('; ', $cookies)."\r\n"; + } + return sprintf('%s %s %s', $this->getMethod(), $this->getRequestUri(), $this->server->get('SERVER_PROTOCOL'))."\r\n". - $this->headers."\r\n". + $this->headers. + $cookieHeader."\r\n". $content; } diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php index 1b6426ae93..5dad405761 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php 
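Review bot: `$cookies[] = $k.'='.$v;` concatenates each cookie value as-is, so an array-valued cookie (PHP builds these from names such as `a[b]`) would trigger an array-to-string conversion inside `__toString()` and render as `Array`. Values containing `;` or line breaks would also make the rendered `Cookie:` line ambiguous. Skipping non-scalar values with `if (!is_scalar($v)) { continue; }` and encoding the rest, e.g. `$cookies[] = $k.'='.rawurlencode((string) $v);`, would keep the output well-formed; confirm the encoding against how the string is consumed. Since casting a Request to string now includes cookies, any code that logs or dumps the cast will start recording session identifiers, which is worth stating in the `__toString()` docblock. The method starts outside the hunk.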
@@ -1454,8 +1454,18 @@ class RequestTest extends TestCase $request = new Request(); $request->headers->set('Accept-language', 'zh, en-us; q=0.8, en; q=0.6'); + $request->cookies->set('Foo', 'Bar'); - $this->assertContains('Accept-Language: zh, en-us; q=0.8, en; q=0.6', $request->__toString()); + $asString = (string) $request; + + $this->assertContains('Accept-Language: zh, en-us; q=0.8, en; q=0.6', $asString); + $this->assertContains('Cookie: Foo=Bar', $asString); + + $request->cookies->set('Another', 'Cookie'); + + $asString = (string) $request; + + $this->assertContains('Cookie: Foo=Bar; Another=Cookie', $asString); } public function testIsMethod() From db5f8deba9dfc0e24539458ff6aa0baf59edaaad Mon Sep 17 00:00:00 2001 From: dtonder Date: Tue, 16 Jan 2018 11:03:48 +0100 Subject: [PATCH 5/9] allow dashes in cwd pathname when running the tests --- src/Symfony/Component/Config/Tests/Util/XmlUtilsTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Config/Tests/Util/XmlUtilsTest.php b/src/Symfony/Component/Config/Tests/Util/XmlUtilsTest.php index a26a994d91..00a7901f3a 100644 --- a/src/Symfony/Component/Config/Tests/Util/XmlUtilsTest.php +++ b/src/Symfony/Component/Config/Tests/Util/XmlUtilsTest.php @@ -55,7 +55,7 @@ class XmlUtilsTest extends TestCase XmlUtils::loadFile($fixtures.'valid.xml', array($mock, 'validate')); $this->fail(); } catch (\InvalidArgumentException $e) { - $this->assertRegExp('/The XML file "[\w:\/\\\.]+" is not valid\./', $e->getMessage()); + $this->assertRegExp('/The XML file "[\w:\/\\\.-]+" is not valid\./', $e->getMessage()); } $this->assertInstanceOf('DOMDocument', XmlUtils::loadFile($fixtures.'valid.xml', array($mock, 'validate'))); From d76a545c0196a05ae7df2883ea30412cd37b20c0 Mon Sep 17 00:00:00 2001 
From: Pierre du Plessis Date: Mon, 15 Jan 2018 21:47:29 +0200 Subject: [PATCH 6/9] [Router] Skip anonymous classes when loading annotated routes --- .../Routing/Loader/AnnotationFileLoader.php | 10 ++++---- .../AnonymousClassInTrait.php | 24 +++++++++++++++++++ .../Tests/Loader/AnnotationFileLoaderTest.php | 11 +++++++++ 3 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php diff --git a/src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php b/src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php index 9c5ab1b6ae..ea203d4fea 100644 --- a/src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php +++ b/src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php @@ -107,22 +107,22 @@ class AnnotationFileLoader extends FileLoader } if (T_CLASS === $token[0]) { - // Skip usage of ::class constant - $isClassConstant = false; + // Skip usage of ::class constant and anonymous classes + $skipClassToken = false; for ($j = $i - 1; $j > 0; --$j) { if (!isset($tokens[$j][1])) { break; } - if (T_DOUBLE_COLON === $tokens[$j][0]) { - $isClassConstant = true; + if (T_DOUBLE_COLON === $tokens[$j][0] || T_NEW === $tokens[$j][0]) { + $skipClassToken = true; break; } elseif (!in_array($tokens[$j][0], array(T_WHITESPACE, T_DOC_COMMENT, T_COMMENT))) { break; } } - if (!$isClassConstant) { + if (!$skipClassToken) { $class = true; } } diff --git a/src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php b/src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php new file mode 100644 index 0000000000..de87895649 --- /dev/null +++ b/src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php 
@@ -0,0 +1,24 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Routing\Tests\Fixtures\OtherAnnotatedClasses; + +trait AnonymousClassInTrait +{ + public function test() + { + return new class() { + public function foo() + { + } + }; + } +} diff --git a/src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php b/src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php index a022af44be..7665f71fdc 100644 --- a/src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php +++ b/src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php @@ -58,6 +58,17 @@ class AnnotationFileLoaderTest extends AbstractAnnotationLoaderTest $this->loader->load(__DIR__.'/../Fixtures/OtherAnnotatedClasses/VariadicClass.php'); } + /** + * @requires PHP 7.0 + */ + public function testLoadAnonymousClass() + { + $this->reader->expects($this->never())->method('getClassAnnotation'); + $this->reader->expects($this->never())->method('getMethodAnnotations'); + + $this->loader->load(__DIR__.'/../Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php'); + } + public function testSupports() { $fixture = __DIR__.'/../Fixtures/annotated.php'; From 3fa1ad9c81c96b826da5973883fce204e5389973 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Wed, 10 Jan 2018 18:47:32 +0100 Subject: [PATCH 7/9] [Console] Fix restoring exception handler --- src/Symfony/Component/Console/Application.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Symfony/Component/Console/Application.php b/src/Symfony/Component/Console/Application.php index be283aad16..627be50679 100644 --- a/src/Symfony/Component/Console/Application.php +++ b/src/Symfony/Component/Console/Application.php 
@@ -163,7 +163,12 @@ class Application $exitCode = 1; } } finally { + // if the exception handler changed, keep it + // otherwise, unregister $renderException if (!$phpHandler) { + if (set_exception_handler($renderException) === $renderException) { + restore_exception_handler(); + } restore_exception_handler(); } elseif (!$debugHandler) { $phpHandler[0]->setExceptionHandler(null); From 00964492d270b8b06ea88d645ea59674f787e3c2 Mon Sep 17 00:00:00 2001 From: Thomas Calvet Date: Fri, 12 Jan 2018 14:11:07 +0100 Subject: [PATCH 8/9] [Console] Keep the modified exception handler --- src/Symfony/Component/Console/Application.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Console/Application.php b/src/Symfony/Component/Console/Application.php index 627be50679..107c1ed6ca 100644 --- a/src/Symfony/Component/Console/Application.php +++ b/src/Symfony/Component/Console/Application.php @@ -171,7 +171,10 @@ class Application } restore_exception_handler(); } elseif (!$debugHandler) { - $phpHandler[0]->setExceptionHandler(null); + $finalHandler = $phpHandler[0]->setExceptionHandler(null); + if ($finalHandler !== $renderException) { + $phpHandler[0]->setExceptionHandler($finalHandler); + } } } From 10e33acf4241d13de88da7f2f5e29dde2e460f76 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 16 Jan 2018 18:32:27 +0100 Subject: [PATCH 9/9] [appveyor] set memory_limit=-1 --- appveyor.yml | 1 + .../Component/Security/Http/Firewall/ContextListener.php | 8 +++----- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/appveyor.yml b/appveyor.yml index 6d86996726..9ff140b0a2 100644 --- a/appveyor.yml +++ b/appveyor.yml 
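Review bot: The two `restore_exception_handler()` calls in the `!$phpHandler` branch are hard to follow from the two-line comment, because `set_exception_handler($renderException)` is used here only to read the current handler and itself pushes a new entry. A fuller comment would save the next reader a trace, for example `// set_exception_handler() is the only way to read the current handler; it pushes $renderException again, so one restore undoes that probe and a second one, only when the handler is still ours, removes the original registration`. The enclosing method starts and ends outside the hunk, so where `$renderException` is first registered cannot be checked from here.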
@@ -31,6 +31,7 @@ install: - 7z x php_memcache-3.0.8-5.3-nts-vc9-x86.zip -y >nul - cd .. - copy /Y php.ini-development php.ini-min + - echo memory_limit=-1 >> php.ini-min - echo serialize_precision=14 >> php.ini-min - echo max_execution_time=1200 >> php.ini-min - echo date.timezone="America/Los_Angeles" >> php.ini-min diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php index 7a3483b2ec..2c315b9944 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php @@ -39,8 +39,6 @@ class ContextListener implements ListenerInterface private $dispatcher; private $registered; - private static $unserializeExceptionCode = 0x37313bc; - public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { if (empty($contextKey)) { @@ -180,7 +178,7 @@ class ContextListener implements ListenerInterface $prevUnserializeHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback'); $prevErrorHandler = set_error_handler(function ($type, $msg, $file, $line, $context = array()) use (&$prevErrorHandler) { if (__FILE__ === $file) { - throw new \UnexpectedValueException($msg, self::$unserializeExceptionCode); + throw new \UnexpectedValueException($msg, 0x37313bc); } return $prevErrorHandler ? $prevErrorHandler($type, $msg, $file, $line, $context) : false; @@ -194,7 +192,7 @@ class ContextListener implements ListenerInterface restore_error_handler(); ini_set('unserialize_callback_func', $prevUnserializeHandler); if ($e) { - if (!$e instanceof \UnexpectedValueException || self::$unserializeExceptionCode !== $e->getCode()) { + if (!$e instanceof \UnexpectedValueException || 0x37313bc !== $e->getCode()) { throw $e; } if ($this->logger) { 
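Review bot: The literal `0x37313bc` now appears three times in ContextListener (the error-handler closure, the `getCode()` comparison, and `handleUnserializeCallback()` in hunk `@@ -210,6 +208,6 @@`) with nothing saying what it means or that the copies must match. The comparison decides whether an exception raised while restoring the session token is rethrown or handled locally, so a mismatch between the copies would change that behaviour silently. If the static property had to go (presumably because of `self::` inside the closure; confirm), a comment at each site such as `// 0x37313bc: sentinel code for failures raised by our own unserialize handlers, keep all three copies identical` would do. The change is also not mentioned in the commit subject, which names only appveyor.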
@@ -210,6 +208,6 @@ class ContextListener implements ListenerInterface */ public static function handleUnserializeCallback($class) { - throw new \UnexpectedValueException('Class not found: '.$class, self::$unserializeExceptionCode); + throw new \UnexpectedValueException('Class not found: '.$class, 0x37313bc); } }