N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)
Upgrade all Symfony components to the latest security fix (~6.4.0)
@@ -12,6 +12,7 @@
|
||||
namespace Symfony\Bridge\Twig\Node;
|
||||
|
||||
use Twig\Compiler;
|
||||
use Twig\Extension\CoreExtension;
|
||||
use Twig\Node\Expression\ArrayExpression;
|
||||
use Twig\Node\Expression\ConstantExpression;
|
||||
use Twig\Node\Expression\FunctionExpression;
|
||||
@@ -50,7 +51,7 @@ final class SearchAndRenderBlockNode extends FunctionExpression
|
||||
$labelIsExpression = false;
|
||||
|
||||
// Only insert the label into the array if it is not empty
|
||||
if (!twig_test_empty($label->getAttribute('value'))) {
|
||||
if (null !== $label->getAttribute('value') && false !== $label->getAttribute('value') && '' !== (string) $label->getAttribute('value')) {
|
||||
$originalVariables = $variables;
|
||||
$variables = new ArrayExpression([], $lineno);
|
||||
$labelKey = new ConstantExpression('label', $lineno);
|
||||
@@ -97,7 +98,12 @@ final class SearchAndRenderBlockNode extends FunctionExpression
|
||||
|
||||
// Check at runtime whether the label is empty.
|
||||
// If not, add it to the array at runtime.
|
||||
$compiler->raw('(twig_test_empty($_label_ = ');
|
||||
if (method_exists(CoreExtension::class, 'testEmpty')) {
|
||||
$compiler->raw('(CoreExtension::testEmpty($_label_ = ');
|
||||
} else {
|
||||
$compiler->raw('(twig_test_empty($_label_ = ');
|
||||
}
|
||||
|
||||
$compiler->subcompile($label);
|
||||
$compiler->raw(') ? [] : ["label" => $_label_])');
|
||||
}
|
||||
|
||||