composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-01 14:38:47 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Browse Source 
Upgrade all Symfony components to last security fix (~6.4.0)
This commit is contained in:
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/symfony/config/FileLocator.php
View File

@@ -31,9 +31,11 @@ class FileLocator implements FileLocatorInterface
}
/**
* @return string|array
* @return string|string[]
*
* @psalm-return ($first is true ? string : string[])
*/
public function locate(string $name, string $currentPath = null, bool $first = true)
public function locate(string $name, ?string $currentPath = null, bool $first = true)
{
if ('' === $name) {
throw new \InvalidArgumentException('An empty file name is not valid to be located.');
@@ -84,7 +86,8 @@ class FileLocator implements FileLocatorInterface
&& ':' === $file[1]
&& ('\\' === $file[2] || '/' === $file[2])
)
|| null !== parse_url($file, \PHP_URL_SCHEME)
|| parse_url($file, \PHP_URL_SCHEME)
|| str_starts_with($file, 'phar:///') // "parse_url()" doesn't handle absolute phar path, despite being valid
) {
return true;
}