This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Alexander M. Turek e1f2e81306 bug #40330 [SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped (monteiro)
This PR was squashed before being merged into the 4.4 branch.

Discussion
----------

[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #40235 ...
| License       | MIT

When the IDE by mistake puts an empty line in `access_control` in security.yaml, there is no warning that we have an empty row, causing the rest of the defined routes to be ignored and possible to be accessed by anyone who can authenticate, no matter the role.

# How to reproduce the issue

- git clone git@github.com:monteiro/symfony-issue-40235.git
- composer install
- symfony server:start
- open 127.0.0.1:8000/admin with username: "john_user" and password "123456"
- Since that user has only ROLE_USER, they should not be able to access the route... but because there is an empty line in "access_control" in `security.yaml` "by mistake", it is possible to access the protected `ROLE_ADMIN` route.

Commits
-------

ee26ce5987 [SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
2021-04-12 16:25:43 +02:00
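
A pre-deployment check for the stray `-` entry described in the commit message above, as an added example that is not part of the commit or of Symfony's code. The function name `find_empty_access_rules` is hypothetical, the scanner is line-based and assumes block-style YAML indented with spaces, and the sample configuration is constructed.

```python
import re

# Assumption: block-style YAML indented with spaces, as in a stock security.yaml.
KEY_RE = re.compile(r"^( *)access_control:\s*(#.*)?$")
EMPTY = {"", "~", "null", "{}"}  # YAML spellings that yield an empty rule

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def _significant(line):
    return bool(line.strip()) and not line.strip().startswith("#")

def find_empty_access_rules(yaml_text):
    """Return 1-based line numbers of empty list items under access_control."""
    lines = yaml_text.splitlines()
    findings, key_indent, item_indent = [], None, None
    for i, line in enumerate(lines):
        if key_indent is None:                  # still looking for the key
            match = KEY_RE.match(line)
            if match:
                key_indent, item_indent = len(match.group(1)), None
            continue
        if not _significant(line):
            continue
        text, indent = line.strip(), _indent(line)
        is_item = text == "-" or text.startswith("- ")
        if indent < key_indent or (indent == key_indent and not is_item):
            key_indent = None                   # left the access_control block
            continue
        if is_item and item_indent is None:
            item_indent = indent                # first rule fixes the list indent
        if not is_item or indent != item_indent:
            continue                            # rule body or nested list
        value = text[1:].split(" #")[0].strip()
        following = next((l for l in lines[i + 1:] if _significant(l)), "")
        has_body = _indent(following) > indent  # "-" followed by an indented mapping
        if value in EMPTY and not (value == "" and has_body):
            findings.append(i + 1)
    return findings

# Constructed sample modelled on the report: a stray "-" between two rules.
SAMPLE = """\
security:
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        -
        - { path: ^/admin, roles: ROLE_ADMIN }
"""
print(find_empty_access_rules(SAMPLE))
```
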
.github [travis] remove cache of composer.lock for deps=low 2021-03-23 21:57:14 +01:00
src/Symfony bug #40330 [SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped (monteiro) 2021-04-12 16:25:43 +02:00
.appveyor.yml Ignore indirect deprecation triggered by doctrine/orm 2021-02-16 10:34:45 +01:00
.editorconfig Update .editorconfig 2018-09-06 16:22:56 +02:00
.gitattributes "export-ignore" contracts and phpunit-bridge 2021-01-22 10:53:35 +01:00
.gitignore Run the phpunit-bridge from a PR 2019-08-02 17:46:19 +02:00
.php_cs.dist Update PHP CS Fixer config to v2.18 2021-01-18 03:36:26 +01:00
.travis.yml [travis] remove cache of composer.lock for deps=low 2021-03-23 21:57:14 +01:00
CHANGELOG-4.0.md Merge branch '3.4' into 4.1 2018-08-01 18:22:14 +02:00
CHANGELOG-4.1.md updated CHANGELOG for 4.1.10 2019-01-06 17:16:07 +01:00
CHANGELOG-4.2.md updated CHANGELOG for 4.2.10 2019-06-26 16:19:37 +02:00
CHANGELOG-4.3.md updated CHANGELOG for 4.3.10 2020-01-21 14:13:32 +01:00
CHANGELOG-4.4.md Update CHANGELOG for 4.4.21 2021-03-29 07:10:17 +02:00
CODE_OF_CONDUCT.md Added the Code of Conduct file 2018-10-10 03:13:30 -07:00
composer.json [TwigBridge] Allow version 3 of the Twig extra packages 2021-03-07 20:47:33 +01:00
CONTRIBUTING.md Mention the community review guide 2016-12-18 22:02:35 +01:00
CONTRIBUTORS.md Update CONTRIBUTORS for 4.4.21 2021-03-29 07:10:41 +02:00
LICENSE Bump license year 2021-01-01 10:24:35 +01:00
link Fix CS in link binary 2020-12-10 19:02:00 +01:00
phpunit Skip checking return types on PHP <= 7.2 2021-02-11 09:19:35 +01:00
phpunit.xml.dist Adds LDAP Adapter test in integration group 2020-11-16 15:17:13 +01:00
psalm.xml Adding a Github action to run Psalm 2021-02-25 17:18:18 +01:00
README.md Update README.md 2020-12-29 01:17:49 +01:00
UPGRADE-4.0.md Fix CS in changelogs 2020-12-10 17:34:26 +01:00
UPGRADE-4.1.md Merge branch '4.0' into 4.1 2018-05-31 12:17:53 +02:00
UPGRADE-4.2.md Merge branch '3.4' into 4.3 2020-01-08 18:19:22 +01:00
UPGRADE-4.3.md Merge branch '4.3' into 4.4 2019-11-19 13:20:06 +01:00
UPGRADE-4.4.md Fix CS in changelogs 2020-12-10 17:34:26 +01:00
UPGRADE-5.0.md Fix CS in changelogs 2020-12-10 17:34:26 +01:00

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).

Installation

Documentation

Community

Contributing

Symfony is an Open Source, community-driven project with thousands of contributors. Join them contributing code or contributing documentation.

Security Issues

If you discover a security vulnerability within Symfony, please follow our disclosure procedure.

About Us

Symfony development is sponsored by SensioLabs, led by the Symfony Core Team and supported by Symfony contributors.