composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-02 06:58:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Browse Source 
Upgrade all Symfony components to last security fix (~6.4.0)
This commit is contained in:
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/symfony/dependency-injection/Attribute/AutowireCallable.php
View File

@@ -25,9 +25,9 @@ class AutowireCallable extends Autowire
* @param bool|class-string $lazy Whether to use lazy-loading for this argument
*/
public function __construct(
string|array $callable = null,
string $service = null,
string $method = null,
string|array|null $callable = null,
?string $service = null,
?string $method = null,
bool|string $lazy = false,
) {
if (!(null !== $callable xor null !== $service)) {
@@ -42,7 +42,7 @@ class AutowireCallable extends Autowire
public function buildDefinition(mixed $value, ?string $type, \ReflectionParameter $parameter): Definition
{
return (new Definition($type = \is_string($this->lazy) ? $this->lazy : ($type ?: 'Closure')))
return (new Definition($type = \is_array($this->lazy) ? current($this->lazy) : ($type ?: 'Closure')))
->setFactory(['Closure', 'fromCallable'])
->setArguments([\is_array($value) ? $value + [1 => '__invoke'] : $value])
->setLazy($this->lazy || 'Closure' !== $type && 'callable' !== (string) $parameter->getType());