N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to last security fix (~6.4.0)
2026-04-25 11:38:44 +02:00 · 2025-08-06 08:54:56 +02:00
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
--- a/lib/symfony/web-profiler-bundle/Controller/RouterController.php
+++ b/lib/symfony/web-profiler-bundle/Controller/RouterController.php
@@ -40,7 +40,7 @@ class RouterController
     */
    private iterable $expressionLanguageProviders;

-    public function __construct(?Profiler $profiler, Environment $twig, UrlMatcherInterface $matcher = null, RouteCollection $routes = null, iterable $expressionLanguageProviders = [])
+    public function __construct(?Profiler $profiler, Environment $twig, ?UrlMatcherInterface $matcher = null, ?RouteCollection $routes = null, iterable $expressionLanguageProviders = [])
    {
        $this->profiler = $profiler;
        $this->twig = $twig;
@@ -83,10 +83,10 @@ class RouterController
     */
    private function getTraces(RequestDataCollector $request, string $method): array
    {
-        $traceRequest = Request::create(
-            $request->getPathInfo(),
-            $request->getRequestServer(true)->get('REQUEST_METHOD'),
-            \in_array($request->getMethod(), ['DELETE', 'PATCH', 'POST', 'PUT'], true) ? $request->getRequestRequest()->all() : $request->getRequestQuery()->all(),
+        $traceRequest = new Request(
+            $request->getRequestQuery()->all(),
+            $request->getRequestRequest()->all(),
+            $request->getRequestAttributes()->all(),
            $request->getRequestCookies(true)->all(),
            [],
            $request->getRequestServer(true)->all()