N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to the latest security fix release (~6.4.0)
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions


@@ -41,7 +41,7 @@ class XmlFileLoader extends FileLoader
protected $autoRegisterAliasesForSinglyImplementedInterfaces = false;
public function load(mixed $resource, string $type = null): mixed
public function load(mixed $resource, ?string $type = null): mixed
{
$path = $this->locator->locate($resource);
@@ -68,7 +68,7 @@ class XmlFileLoader extends FileLoader
return null;
}
private function loadXml(\DOMDocument $xml, string $path, \DOMNode $root = null): void
private function loadXml(\DOMDocument $xml, string $path, ?\DOMNode $root = null): void
{
$defaults = $this->getServiceDefaults($xml, $path, $root);
@@ -93,7 +93,7 @@ class XmlFileLoader extends FileLoader
}
}
public function supports(mixed $resource, string $type = null): bool
public function supports(mixed $resource, ?string $type = null): bool
{
if (!\is_string($resource)) {
return false;
@@ -106,19 +106,19 @@ class XmlFileLoader extends FileLoader
return 'xml' === $type;
}
private function parseParameters(\DOMDocument $xml, string $file, \DOMNode $root = null): void
private function parseParameters(\DOMDocument $xml, string $file, ?\DOMNode $root = null): void
{
if ($parameters = $this->getChildren($root ?? $xml->documentElement, 'parameters')) {
$this->container->getParameterBag()->add($this->getArgumentsAsPhp($parameters[0], 'parameter', $file));
}
}
private function parseImports(\DOMDocument $xml, string $file, \DOMNode $root = null): void
private function parseImports(\DOMDocument $xml, string $file, ?\DOMNode $root = null): void
{
$xpath = new \DOMXPath($xml);
$xpath->registerNamespace('container', self::NS);
if (false === $imports = $xpath->query('.//container:imports/container:import', $root)) {
if (false === $imports = $xpath->query('./container:imports/container:import', $root)) {
return;
}
@@ -129,19 +129,19 @@ class XmlFileLoader extends FileLoader
}
}
private function parseDefinitions(\DOMDocument $xml, string $file, Definition $defaults, \DOMNode $root = null): void
private function parseDefinitions(\DOMDocument $xml, string $file, Definition $defaults, ?\DOMNode $root = null): void
{
$xpath = new \DOMXPath($xml);
$xpath->registerNamespace('container', self::NS);
if (false === $services = $xpath->query('.//container:services/container:service|.//container:services/container:prototype|.//container:services/container:stack', $root)) {
if (false === $services = $xpath->query('./container:services/container:service|./container:services/container:prototype|./container:services/container:stack', $root)) {
return;
}
$this->setCurrentDir(\dirname($file));
$this->instanceof = [];
$this->isLoadingInstanceof = true;
$instanceof = $xpath->query('.//container:services/container:instanceof', $root);
$instanceof = $xpath->query('./container:services/container:instanceof', $root);
foreach ($instanceof as $service) {
$this->setDefinition((string) $service->getAttribute('id'), $this->parseDefinition($service, $file, new Definition()));
}
@@ -187,12 +187,12 @@ class XmlFileLoader extends FileLoader
}
}
private function getServiceDefaults(\DOMDocument $xml, string $file, \DOMNode $root = null): Definition
private function getServiceDefaults(\DOMDocument $xml, string $file, ?\DOMNode $root = null): Definition
{
$xpath = new \DOMXPath($xml);
$xpath->registerNamespace('container', self::NS);
if (null === $defaultsNode = $xpath->query('.//container:services/container:defaults', $root)->item(0)) {
if (null === $defaultsNode = $xpath->query('./container:services/container:defaults', $root)->item(0)) {
return new Definition();
}
@@ -458,7 +458,33 @@ class XmlFileLoader extends FileLoader
try {
$dom = XmlUtils::loadFile($file, $this->validateSchema(...));
} catch (\InvalidArgumentException $e) {
throw new InvalidArgumentException(sprintf('Unable to parse file "%s": ', $file).$e->getMessage(), $e->getCode(), $e);
$invalidSecurityElements = [];
$errors = explode("\n", $e->getMessage());
foreach ($errors as $i => $error) {
if (preg_match("#^\[ERROR 1871] Element '\{http://symfony\.com/schema/dic/security}([^']+)'#", $error, $matches)) {
$invalidSecurityElements[$i] = $matches[1];
}
}
if ($invalidSecurityElements) {
$dom = XmlUtils::loadFile($file);
foreach ($invalidSecurityElements as $errorIndex => $tagName) {
foreach ($dom->getElementsByTagNameNS('http://symfony.com/schema/dic/security', $tagName) as $element) {
if (!$parent = $element->parentNode) {
continue;
}
if ('http://symfony.com/schema/dic/security' !== $parent->namespaceURI) {
continue;
}
if ('provider' === $parent->localName || 'firewall' === $parent->localName) {
unset($errors[$errorIndex]);
}
}
}
}
if ($errors) {
throw new InvalidArgumentException(sprintf('Unable to parse file "%s": ', $file).implode("\n", $errors), $e->getCode(), $e);
}
}
$this->validateExtensions($dom, $file);
@@ -469,7 +495,7 @@ class XmlFileLoader extends FileLoader
/**
* Processes anonymous services.
*/
private function processAnonymousServices(\DOMDocument $xml, string $file, \DOMNode $root = null): void
private function processAnonymousServices(\DOMDocument $xml, string $file, ?\DOMNode $root = null): void
{
$definitions = [];
$count = 0;
@@ -858,6 +884,6 @@ EOF
*/
public static function convertDomElementToArray(\DOMElement $element): mixed
{
return XmlUtils::convertDomElementToArray($element);
return XmlUtils::convertDomElementToArray($element, false);
}
}
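Review bot: In the new `catch` block of the `-458,7 +458,33` hunk, an `[ERROR 1871]` line is discarded as soon as any security-namespace element with the same local name has a `provider` or `firewall` parent. Suppression is therefore keyed on the tag name, not on the element that failed validation, so an identically named element elsewhere in the file has its error dropped as well. When every line is dropped, execution continues with the `$dom` returned by `XmlUtils::loadFile($file)`, which is called here without the `$this->validateSchema(...)` callback, and the match depends on the exact wording of the validator's error message. I would at least record that above the loop, e.g. `// Only unknown children of security <provider>/<firewall> are tolerated; $dom is re-read here without schema validation.` The enclosing method starts and ends outside the hunk, and the code looks like upstream Symfony brought in by the upgrade (inferred from the commit title), so a behavioural fix probably belongs upstream rather than in a local patch.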