N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to last security fix (~6.4.0)
2026-04-25 19:48:49 +02:00 · 2025-08-06 08:54:56 +02:00
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
--- a/lib/symfony/twig-bridge/TokenParser/FormThemeTokenParser.php
+++ b/lib/symfony/twig-bridge/TokenParser/FormThemeTokenParser.php
@@ -29,12 +29,16 @@ final class FormThemeTokenParser extends AbstractTokenParser
        $lineno = $token->getLine();
        $stream = $this->parser->getStream();

-        $form = $this->parser->getExpressionParser()->parseExpression();
+        $parseExpression = method_exists($this->parser, 'parseExpression')
+            ? $this->parser->parseExpression(...)
+            : $this->parser->getExpressionParser()->parseExpression(...);
+
+        $form = $parseExpression();
        $only = false;

        if ($this->parser->getStream()->test(Token::NAME_TYPE, 'with')) {
            $this->parser->getStream()->next();
-            $resources = $this->parser->getExpressionParser()->parseExpression();
+            $resources = $parseExpression();

            if ($this->parser->getStream()->nextIf(Token::NAME_TYPE, 'only')) {
                $only = true;
@@ -42,7 +46,7 @@ final class FormThemeTokenParser extends AbstractTokenParser
        } else {
            $resources = new ArrayExpression([], $stream->getCurrent()->getLine());
            do {
-                $resources->addElement($this->parser->getExpressionParser()->parseExpression());
+                $resources->addElement($parseExpression());
            } while (!$stream->test(Token::BLOCK_END_TYPE));
        }