mirror of
https://github.com/Combodo/iTop.git
synced 2026-04-25 19:48:49 +02:00
N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)
Upgrade all Symfony components to last security fix (~6.4.0)
This commit is contained in:
@@ -12,7 +12,9 @@
|
||||
namespace Symfony\Bridge\Twig\TokenParser;
|
||||
|
||||
use Symfony\Bridge\Twig\Node\DumpNode;
|
||||
use Twig\Node\Expression\Variable\LocalVariable;
|
||||
use Twig\Node\Node;
|
||||
use Twig\Node\Nodes;
|
||||
use Twig\Token;
|
||||
use Twig\TokenParser\AbstractTokenParser;
|
||||
|
||||
@@ -33,11 +35,26 @@ final class DumpTokenParser extends AbstractTokenParser
|
||||
{
|
||||
$values = null;
|
||||
if (!$this->parser->getStream()->test(Token::BLOCK_END_TYPE)) {
|
||||
$values = $this->parser->getExpressionParser()->parseMultitargetExpression();
|
||||
$values = method_exists($this->parser, 'parseExpression') ?
|
||||
$this->parseMultitargetExpression() :
|
||||
$this->parser->getExpressionParser()->parseMultitargetExpression();
|
||||
}
|
||||
$this->parser->getStream()->expect(Token::BLOCK_END_TYPE);
|
||||
|
||||
return new DumpNode($this->parser->getVarName(), $values, $token->getLine(), $this->getTag());
|
||||
return new DumpNode(class_exists(LocalVariable::class) ? new LocalVariable(null, $token->getLine()) : $this->parser->getVarName(), $values, $token->getLine(), $this->getTag());
|
||||
}
|
||||
|
||||
private function parseMultitargetExpression(): Node
|
||||
{
|
||||
$targets = [];
|
||||
while (true) {
|
||||
$targets[] = $this->parser->parseExpression();
|
||||
if (!$this->parser->getStream()->nextIf(Token::PUNCTUATION_TYPE, ',')) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return new Nodes($targets);
|
||||
}
|
||||
|
||||
public function getTag(): string
|
||||
|
||||
Reference in New Issue
Block a user