composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-23 02:28:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Browse Source 
Upgrade all Symfony components to last security fix (~6.4.0)
This commit is contained in:
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/symfony/framework-bundle/Controller/AbstractController.php
View File

@@ -163,7 +163,7 @@ abstract class AbstractController implements ServiceSubscriberInterface
/**
* Returns a BinaryFileResponse object with original or customized file name and disposition header.
*/
protected function file(\SplFileInfo|string $file, string $fileName = null, string $disposition = ResponseHeaderBag::DISPOSITION_ATTACHMENT): BinaryFileResponse
protected function file(\SplFileInfo|string $file, ?string $fileName = null, string $disposition = ResponseHeaderBag::DISPOSITION_ATTACHMENT): BinaryFileResponse
{
$response = new BinaryFileResponse($file);
$response->setContentDisposition($disposition, $fileName ?? $response->getFile()->getFilename());
@@ -248,7 +248,7 @@ abstract class AbstractController implements ServiceSubscriberInterface
* If an invalid form is found in the list of parameters, a 422 status code is returned.
* Forms found in parameters are auto-cast to form views.
*/
protected function render(string $view, array $parameters = [], Response $response = null): Response
protected function render(string $view, array $parameters = [], ?Response $response = null): Response
{
return $this->doRender($view, null, $parameters, $response, __FUNCTION__);
}
@@ -259,7 +259,7 @@ abstract class AbstractController implements ServiceSubscriberInterface
* If an invalid form is found in the list of parameters, a 422 status code is returned.
* Forms found in parameters are auto-cast to form views.
*/
protected function renderBlock(string $view, string $block, array $parameters = [], Response $response = null): Response
protected function renderBlock(string $view, string $block, array $parameters = [], ?Response $response = null): Response
{
return $this->doRender($view, $block, $parameters, $response, __FUNCTION__);
}
@@ -271,7 +271,7 @@ abstract class AbstractController implements ServiceSubscriberInterface
*
* @deprecated since Symfony 6.2, use render() instead
*/
protected function renderForm(string $view, array $parameters = [], Response $response = null): Response
protected function renderForm(string $view, array $parameters = [], ?Response $response = null): Response
{
trigger_deprecation('symfony/framework-bundle', '6.2', 'The "%s::renderForm()" method is deprecated, use "render()" instead.', get_debug_type($this));
@@ -281,7 +281,7 @@ abstract class AbstractController implements ServiceSubscriberInterface
/**
* Streams a view.
*/
protected function stream(string $view, array $parameters = [], StreamedResponse $response = null): StreamedResponse
protected function stream(string $view, array $parameters = [], ?StreamedResponse $response = null): StreamedResponse
{
if (!$this->container->has('twig')) {
throw new \LogicException('You cannot use the "stream" method if the Twig Bundle is not available. Try running "composer require symfony/twig-bundle".');
@@ -309,7 +309,7 @@ abstract class AbstractController implements ServiceSubscriberInterface
*
* throw $this->createNotFoundException('Page not found!');
*/
protected function createNotFoundException(string $message = 'Not Found', \Throwable $previous = null): NotFoundHttpException
protected function createNotFoundException(string $message = 'Not Found', ?\Throwable $previous = null): NotFoundHttpException
{
return new NotFoundHttpException($message, $previous);
}
@@ -323,7 +323,7 @@ abstract class AbstractController implements ServiceSubscriberInterface
*
* @throws \LogicException If the Security component is not available
*/
protected function createAccessDeniedException(string $message = 'Access Denied.', \Throwable $previous = null): AccessDeniedException
protected function createAccessDeniedException(string $message = 'Access Denied.', ?\Throwable $previous = null): AccessDeniedException
{
if (!class_exists(AccessDeniedException::class)) {
throw new \LogicException('You cannot use the "createAccessDeniedException" method if the Security component is not available. Try running "composer require symfony/security-bundle".');
@@ -406,7 +406,7 @@ abstract class AbstractController implements ServiceSubscriberInterface
/**
* @param LinkInterface[] $links
*/
protected function sendEarlyHints(iterable $links = [], Response $response = null): Response
protected function sendEarlyHints(iterable $links = [], ?Response $response = null): Response
{
if (!$this->container->has('web_link.http_header_serializer')) {
throw new \LogicException('You cannot use the "sendEarlyHints" method if the WebLink component is not available. Try running "composer require symfony/web-link".');

14
lib/symfony/framework-bundle/Controller/RedirectController.php
View File

@@ -31,7 +31,7 @@ class RedirectController
private ?int $httpPort;
private ?int $httpsPort;
public function __construct(UrlGeneratorInterface $router = null, int $httpPort = null, int $httpsPort = null)
public function __construct(?UrlGeneratorInterface $router = null, ?int $httpPort = null, ?int $httpsPort = null)
{
$this->router = $router;
$this->httpPort = $httpPort;
@@ -107,9 +107,9 @@ class RedirectController
*
* @throws HttpException In case the path is empty
*/
public function urlRedirectAction(Request $request, string $path, bool $permanent = false, string $scheme = null, int $httpPort = null, int $httpsPort = null, bool $keepRequestMethod = false): Response
public function urlRedirectAction(Request $request, string $path, bool $permanent = false, ?string $scheme = null, ?int $httpPort = null, ?int $httpsPort = null, bool $keepRequestMethod = false): Response
{
if ('' == $path) {
if ('' === $path) {
throw new HttpException($permanent ? 410 : 404);
}
@@ -119,13 +119,17 @@ class RedirectController
$statusCode = $permanent ? 301 : 302;
}
$scheme ??= $request->getScheme();
if (str_starts_with($path, '//')) {
$path = $scheme.':'.$path;
}
// redirect if the path is a full URL
if (parse_url($path, \PHP_URL_SCHEME)) {
return new RedirectResponse($path, $statusCode);
}
$scheme ??= $request->getScheme();
if ($qs = $request->server->get('QUERY_STRING') ?: $request->getQueryString()) {
if (!str_contains($path, '?')) {
$qs = '?'.$qs;

6
lib/symfony/framework-bundle/Controller/TemplateController.php
View File

@@ -25,7 +25,7 @@ class TemplateController
{
private ?Environment $twig;
public function __construct(Environment $twig = null)
public function __construct(?Environment $twig = null)
{
$this->twig = $twig;
}
@@ -40,7 +40,7 @@ class TemplateController
* @param array $context The context (arguments) of the template
* @param int $statusCode The HTTP status code to return with the response (200 "OK" by default)
*/
public function templateAction(string $template, int $maxAge = null, int $sharedAge = null, bool $private = null, array $context = [], int $statusCode = 200): Response
public function templateAction(string $template, ?int $maxAge = null, ?int $sharedAge = null, ?bool $private = null, array $context = [], int $statusCode = 200): Response
{
if (null === $this->twig) {
throw new \LogicException('You cannot use the TemplateController if the Twig Bundle is not available. Try running "composer require symfony/twig-bundle".');
@@ -68,7 +68,7 @@ class TemplateController
/**
* @param int $statusCode The HTTP status code (200 "OK" by default)
*/
public function __invoke(string $template, int $maxAge = null, int $sharedAge = null, bool $private = null, array $context = [], int $statusCode = 200): Response
public function __invoke(string $template, ?int $maxAge = null, ?int $sharedAge = null, ?bool $private = null, array $context = [], int $statusCode = 200): Response
{
return $this->templateAction($template, $maxAge, $sharedAge, $private, $context, $statusCode);
}