mirror of
https://github.com/Combodo/iTop.git
N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)
Upgrade all Symfony components to the latest security fix (~6.4.0)
@@ -96,6 +96,8 @@ final class CodeExtension extends AbstractExtension
|
||||
$formattedValue = '<em>'.strtolower(htmlspecialchars(var_export($item[1], true), \ENT_COMPAT | \ENT_SUBSTITUTE, $this->charset)).'</em>';
|
||||
} elseif ('resource' === $item[0]) {
|
||||
$formattedValue = '<em>resource</em>';
|
||||
} elseif (preg_match('/[^\x07-\x0D\x1B\x20-\xFF]/', $item[1])) {
|
||||
$formattedValue = '<em>binary string</em>';
|
||||
} else {
|
||||
$formattedValue = str_replace("\n", '', htmlspecialchars(var_export($item[1], true), \ENT_COMPAT | \ENT_SUBSTITUTE, $this->charset));
|
||||
}
|
||||
@@ -126,10 +128,10 @@ final class CodeExtension extends AbstractExtension
|
||||
if (\PHP_VERSION_ID >= 80300) {
|
||||
// remove main pre/code tags
|
||||
$code = preg_replace('#^<pre.*?>\s*<code.*?>(.*)</code>\s*</pre>#s', '\\1', $code);
|
||||
// split multiline code tags
|
||||
$code = preg_replace_callback('#<code ([^>]++)>((?:[^<]*+\\n)++[^<]*+)</code>#', fn ($m) => "<code $m[1]>".str_replace("\n", "</code>\n<code $m[1]>", $m[2]).'</code>', $code);
|
||||
// Convert spaces to html entities to preserve indentation when rendered
|
||||
$code = str_replace(' ', ' ', $code);
|
||||
// split multiline span tags
|
||||
$code = preg_replace_callback('#<span ([^>]++)>((?:[^<\\n]*+\\n)++[^<]*+)</span>#', function ($m) {
|
||||
return "<span $m[1]>".str_replace("\n", "</span>\n<span $m[1]>", $m[2]).'</span>';
|
||||
}, $code);
|
||||
$content = explode("\n", $code);
|
||||
} else {
|
||||
// remove main code/span tags
|
||||
@@ -157,7 +159,7 @@ final class CodeExtension extends AbstractExtension
|
||||
/**
|
||||
* Formats a file path.
|
||||
*/
|
||||
public function formatFile(string $file, int $line, string $text = null): string
|
||||
public function formatFile(string $file, int $line, ?string $text = null): string
|
||||
{
|
||||
$file = trim($file);
|
||||
|
||||
|
||||