N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to last security fix (~6.4.0)
2026-04-28 13:08:45 +02:00 · 2025-08-06 08:54:56 +02:00
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
--- a/lib/symfony/dependency-injection/Compiler/CheckCircularReferencesPass.php
+++ b/lib/symfony/dependency-injection/Compiler/CheckCircularReferencesPass.php
@@ -28,6 +28,7 @@ class CheckCircularReferencesPass implements CompilerPassInterface
 {
    private array $currentPath;
    private array $checkedNodes;
+    private array $checkedLazyNodes;

    /**
     * Checks the ContainerBuilder object for circular references.
@@ -59,22 +60,36 @@ class CheckCircularReferencesPass implements CompilerPassInterface
            $node = $edge->getDestNode();
            $id = $node->getId();

-            if (empty($this->checkedNodes[$id])) {
-                // Don't check circular references for lazy edges
-                if (!$node->getValue() || (!$edge->isLazy() && !$edge->isWeak())) {
-                    $searchKey = array_search($id, $this->currentPath);
-                    $this->currentPath[] = $id;
+            if (!empty($this->checkedNodes[$id])) {
+                continue;
+            }

-                    if (false !== $searchKey) {
-                        throw new ServiceCircularReferenceException($id, \array_slice($this->currentPath, $searchKey));
-                    }
+            $isLeaf = !!$node->getValue();
+            $isConcrete = !$edge->isLazy() && !$edge->isWeak();

-                    $this->checkOutEdges($node->getOutEdges());
+            // Skip already checked lazy services if they are still lazy. Will not gain any new information.
+            if (!empty($this->checkedLazyNodes[$id]) && (!$isLeaf || !$isConcrete)) {
+                continue;
+            }
+
+            // Process concrete references, otherwise defer check circular references for lazy edges.
+            if (!$isLeaf || $isConcrete) {
+                $searchKey = array_search($id, $this->currentPath);
+                $this->currentPath[] = $id;
+
+                if (false !== $searchKey) {
+                    throw new ServiceCircularReferenceException($id, \array_slice($this->currentPath, $searchKey));
                }

+                $this->checkOutEdges($node->getOutEdges());
+
                $this->checkedNodes[$id] = true;
-                array_pop($this->currentPath);
+                unset($this->checkedLazyNodes[$id]);
+            } else {
+                $this->checkedLazyNodes[$id] = true;
            }
+
+            array_pop($this->currentPath);
        }
    }
 }