Merge branch '3.4' into 4.2

* 3.4:
  Fix json-encoding when JSON_THROW_ON_ERROR is used
  [HttpFoundation] work around PHP 7.3 bug related to json_encode()
  [Security] added support for updated \"distinguished name\" format in x509 authentication

src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php

@@ -185,6 +185,7 @@ class JsonDescriptor extends Descriptor
     private function writeData(array $data, array $options)
     {
         $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0;
+
         $this->write(json_encode($data, $flags | JSON_PRETTY_PRINT)."\n");
     }
 

src/Symfony/Component/Console/Descriptor/JsonDescriptor.php

@@ -97,7 +97,9 @@ class JsonDescriptor extends Descriptor
      */
     private function writeData(array $data, array $options)
     {
-        $this->write(json_encode($data, isset($options['json_encoding']) ? $options['json_encoding'] : 0));
+        $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0;
+
+        $this->write(json_encode($data, $flags));
     }
 
     /**

src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php

@@ -94,7 +94,8 @@ class JsonDescriptor extends Descriptor
 
     private function writeData(array $data, array $options)
     {
-        $flags = $options['json_encoding'] ?? 0;
+        $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0;
+
         $this->output->write(json_encode($data, $flags | JSON_PRETTY_PRINT)."\n");
     }
 

src/Symfony/Component/HttpFoundation/JsonResponse.php

@@ -148,6 +148,10 @@ class JsonResponse extends Response
             throw $e;
         }
 
+        if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $this->encodingOptions)) {
+            return $this->setJson($data);
+        }
+
         if (JSON_ERROR_NONE !== json_last_error()) {
             throw new \InvalidArgumentException(json_last_error_msg());
         }

src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php

@@ -44,7 +44,10 @@ class X509AuthenticationListener extends AbstractPreAuthenticatedListener
         $user = null;
         if ($request->server->has($this->userKey)) {
             $user = $request->server->get($this->userKey);
-        } elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) {
+        } elseif (
+            $request->server->has($this->credentialKey)
+            && preg_match('#emailAddress=(.+\@.+\.[^,/]+)($|,|/)#', $request->server->get($this->credentialKey), $matches)
+        ) {
             $user = $matches[1];
         }
 

src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php

@@ -56,9 +56,8 @@ class X509AuthenticationListenerTest extends TestCase
     /**
      * @dataProvider dataProviderGetPreAuthenticatedDataNoUser
      */
-    public function testGetPreAuthenticatedDataNoUser($emailAddress)
+    public function testGetPreAuthenticatedDataNoUser($emailAddress, $credentials)
     {
-        $credentials = 'CN=Sample certificate DN/emailAddress='.$emailAddress;
         $request = new Request([], [], [], [], [], ['SSL_CLIENT_S_DN' => $credentials]);
 
         $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
@@ -76,10 +75,12 @@ class X509AuthenticationListenerTest extends TestCase
 
     public static function dataProviderGetPreAuthenticatedDataNoUser()
     {
-        return [
-            'basicEmailAddress' => ['cert@example.com'],
-            'emailAddressWithPlusSign' => ['cert+something@example.com'],
-        ];
+        yield ['cert@example.com', 'CN=Sample certificate DN/emailAddress=cert@example.com'];
+        yield ['cert+something@example.com', 'CN=Sample certificate DN/emailAddress=cert+something@example.com'];
+        yield ['cert@example.com', 'CN=Sample certificate DN,emailAddress=cert@example.com'];
+        yield ['cert+something@example.com', 'CN=Sample certificate DN,emailAddress=cert+something@example.com'];
+        yield ['cert+something@example.com', 'emailAddress=cert+something@example.com,CN=Sample certificate DN'];
+        yield ['cert+something@example.com', 'emailAddress=cert+something@example.com'];
     }
 
     /**

src/Symfony/Component/Serializer/Encoder/JsonDecode.php

@@ -92,7 +92,15 @@ class JsonDecode implements DecoderInterface
         $recursionDepth = $context[self::RECURSION_DEPTH] ?? $this->defaultContext[self::RECURSION_DEPTH];
         $options = $context[self::OPTIONS] ?? $this->defaultContext[self::OPTIONS];
 
-        $decodedData = json_decode($data, $associative, $recursionDepth, $options);
+        try {
+            $decodedData = json_decode($data, $associative, $recursionDepth, $options);
+        } catch (\JsonException $e) {
+            throw new NotEncodableValueException($e->getMessage(), 0, $e);
+        }
+
+        if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $options)) {
+            return $decodedData;
+        }
 
         if (JSON_ERROR_NONE !== json_last_error()) {
             throw new NotEncodableValueException(json_last_error_msg());

src/Symfony/Component/Serializer/Encoder/JsonEncode.php

@@ -50,6 +50,10 @@ class JsonEncode implements EncoderInterface
         $jsonEncodeOptions = $context[self::OPTIONS] ?? $this->defaultContext[self::OPTIONS];
         $encodedJson = json_encode($data, $jsonEncodeOptions);
 
+        if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $jsonEncodeOptions)) {
+            return $encodedJson;
+        }
+
         if (JSON_ERROR_NONE !== json_last_error() && (false === $encodedJson || !($jsonEncodeOptions & JSON_PARTIAL_OUTPUT_ON_ERROR))) {
             throw new NotEncodableValueException(json_last_error_msg());
         }