N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to the latest security fix (~6.4.0)
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions


@@ -11,29 +11,44 @@
namespace Symfony\Bridge\Twig\Node;
use Twig\Attribute\FirstClassTwigCallableReady;
use Twig\Attribute\YieldReady;
use Twig\Compiler;
use Twig\Node\Expression\Variable\LocalVariable;
use Twig\Node\Node;
/**
* @author Julien Galenski <julien.galenski@gmail.com>
*/
#[YieldReady]
final class DumpNode extends Node
{
private string $varPrefix;
private LocalVariable|string $varPrefix;
public function __construct(string $varPrefix, ?Node $values, int $lineno, string $tag = null)
public function __construct(LocalVariable|string $varPrefix, ?Node $values, int $lineno, ?string $tag = null)
{
$nodes = [];
if (null !== $values) {
$nodes['values'] = $values;
}
parent::__construct($nodes, [], $lineno, $tag);
if (class_exists(FirstClassTwigCallableReady::class)) {
parent::__construct($nodes, [], $lineno);
} else {
parent::__construct($nodes, [], $lineno, $tag);
}
$this->varPrefix = $varPrefix;
}
public function compile(Compiler $compiler): void
{
if ($this->varPrefix instanceof LocalVariable) {
$varPrefix = $this->varPrefix->getAttribute('name');
} else {
$varPrefix = $this->varPrefix;
}
$compiler
->write("if (\$this->env->isDebug()) {\n")
->indent();
@@ -41,18 +56,18 @@ final class DumpNode extends Node
if (!$this->hasNode('values')) {
// remove embedded templates (macros) from the context
$compiler
->write(sprintf('$%svars = [];'."\n", $this->varPrefix))
->write(sprintf('foreach ($context as $%1$skey => $%1$sval) {'."\n", $this->varPrefix))
->write(sprintf('$%svars = [];'."\n", $varPrefix))
->write(sprintf('foreach ($context as $%1$skey => $%1$sval) {'."\n", $varPrefix))
->indent()
->write(sprintf('if (!$%sval instanceof \Twig\Template) {'."\n", $this->varPrefix))
->write(sprintf('if (!$%sval instanceof \Twig\Template) {'."\n", $varPrefix))
->indent()
->write(sprintf('$%1$svars[$%1$skey] = $%1$sval;'."\n", $this->varPrefix))
->write(sprintf('$%1$svars[$%1$skey] = $%1$sval;'."\n", $varPrefix))
->outdent()
->write("}\n")
->outdent()
->write("}\n")
->addDebugInfo($this)
->write(sprintf('\Symfony\Component\VarDumper\VarDumper::dump($%svars);'."\n", $this->varPrefix));
->write(sprintf('\Symfony\Component\VarDumper\VarDumper::dump($%svars);'."\n", $varPrefix));
} elseif (($values = $this->getNode('values')) && 1 === $values->count()) {
$compiler
->addDebugInfo($this)