mirror of
https://github.com/Combodo/iTop.git
synced 2026-04-26 12:08:47 +02:00
N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)
Upgrade all Symfony components to last security fix (~6.4.0)
This commit is contained in:
Benjamin Dalsass
@@ -458,7 +458,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="tab {{ data.submitted_data ?? [] is empty ? 'disabled' }}">
|
||||
<div class="tab {{ (data.submitted_data ?? []) is empty ? 'disabled' }}">
|
||||
<h3 class="tab-title">Submitted Data</h3>
|
||||
|
||||
<div class="tab-content">
|
||||
@@ -466,7 +466,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="tab {{ data.passed_options ?? [] is empty ? 'disabled' }}">
|
||||
<div class="tab {{ (data.passed_options ?? []) is empty ? 'disabled' }}">
|
||||
<h3 class="tab-title">Passed Options</h3>
|
||||
|
||||
<div class="tab-content">
|
||||
@@ -474,7 +474,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="tab {{ data.resolved_options ?? [] is empty ? 'disabled' }}">
|
||||
<div class="tab {{ (data.resolved_options ?? []) is empty ? 'disabled' }}">
|
||||
<h3 class="tab-title">Resolved Options</h3>
|
||||
|
||||
<div class="tab-content">
|
||||
@@ -482,7 +482,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="tab {{ data.view_vars ?? [] is empty ? 'disabled' }}">
|
||||
<div class="tab {{ (data.view_vars ?? []) is empty ? 'disabled' }}">
|
||||
<h3 class="tab-title">View Vars</h3>
|
||||
|
||||
<div class="tab-content">
|
||||
@@ -646,8 +646,10 @@
|
||||
<td>{{ profiler_dump(value) }}</td>
|
||||
<td>
|
||||
{# values can be stubs #}
|
||||
{% set option_value = value.value|default(value) %}
|
||||
{% set resolved_option_value = data.resolved_options[option].value|default(data.resolved_options[option]) %}
|
||||
{% set option_value = (value.value is defined) ? value.value : value %}
|
||||
{% set resolved_option_value = (data.resolved_options[option].value is defined)
|
||||
? data.resolved_options[option].value
|
||||
: data.resolved_options[option] %}
|
||||
{% if resolved_option_value == option_value %}
|
||||
<em class="font-normal text-muted">same as passed value</em>
|
||||
{% else %}
|
||||
|
||||
@@ -278,8 +278,24 @@
|
||||
{% for event in collector.events.events(transport) %}
|
||||
<tr class="mailer-email-summary-table-row {{ loop.first ? 'active' }}" data-target="#email-{{ loop.index }}">
|
||||
<td>{{ loop.index }}</td>
|
||||
<td>{{ event.message.getSubject() ?? '(No subject)' }}</td>
|
||||
<td>{{ event.message.getTo()|map(addr => addr.toString())|join(', ')|default('(empty)') }}</td>
|
||||
<td>
|
||||
{% if event.message.subject is defined %}
|
||||
{{ event.message.getSubject() ?? '(No subject)' }}
|
||||
{% elseif event.message.headers.has('subject') %}
|
||||
{{ event.message.headers.get('subject').bodyAsString()|default('(No subject)') }}
|
||||
{% else %}
|
||||
(No subject)
|
||||
{% endif %}
|
||||
</td>
|
||||
<td>
|
||||
{% if event.message.to is defined %}
|
||||
{{ event.message.getTo()|map(addr => addr.toString())|join(', ')|default('(empty)') }}
|
||||
{% elseif event.message.headers.has('to') %}
|
||||
{{ event.message.headers.get('to').bodyAsString()|default('(empty)') }}
|
||||
{% else %}
|
||||
(empty)
|
||||
{% endif %}
|
||||
</td>
|
||||
<td class="visually-hidden"><button class="mailer-email-summary-table-row-button" data-target="#email-{{ loop.index }}">View email details</button></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
@@ -323,18 +339,42 @@
|
||||
<div class="tab-content">
|
||||
<div class="card-block">
|
||||
<p class="mailer-message-subject">
|
||||
{{ message.getSubject() ?? '(No subject)' }}
|
||||
{% if message.subject is defined %}
|
||||
{{ message.getSubject() ?? '(No subject)' }}
|
||||
{% elseif message.headers.has('subject') %}
|
||||
{{ message.headers.get('subject').bodyAsString()|default('(No subject)') }}
|
||||
{% else %}
|
||||
(No subject)
|
||||
{% endif %}
|
||||
</p>
|
||||
<div class="mailer-message-headers">
|
||||
<p><strong>From:</strong> {{ message.getFrom()|map(addr => addr.toString())|join(', ')|default('(empty)') }}</p>
|
||||
<p><strong>To:</strong> {{ message.getTo()|map(addr => addr.toString())|join(', ')|default('(empty)') }}</p>
|
||||
<p>
|
||||
<strong>From:</strong>
|
||||
{% if message.from is defined %}
|
||||
{{ message.getFrom()|map(addr => addr.toString())|join(', ')|default('(empty)') }}
|
||||
{% elseif message.headers.has('from') %}
|
||||
{{ message.headers.get('from').bodyAsString()|default('(empty)') }}
|
||||
{% else %}
|
||||
(empty)
|
||||
{% endif %}
|
||||
</p>
|
||||
<p>
|
||||
<strong>To:</strong>
|
||||
{% if message.to is defined %}
|
||||
{{ message.getTo()|map(addr => addr.toString())|join(', ')|default('(empty)') }}
|
||||
{% elseif message.headers.has('to') %}
|
||||
{{ message.headers.get('to').bodyAsString()|default('(empty)') }}
|
||||
{% else %}
|
||||
(empty)
|
||||
{% endif %}
|
||||
</p>
|
||||
{% for header in message.headers.all|filter(header => (header.name ?? '')|lower not in ['subject', 'from', 'to']) %}
|
||||
<p class="mailer-message-header-secondary">{{ header.toString }}</p>
|
||||
{% endfor %}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{% if message.attachments %}
|
||||
{% if message.attachments is defined and message.attachments %}
|
||||
<div class="card-block">
|
||||
{% set num_of_attachments = message.attachments|length %}
|
||||
{% set total_attachments_size_in_bytes = message.attachments|reduce((total_size, attachment) => total_size + attachment.body|length, 0) %}
|
||||
@@ -364,9 +404,10 @@
|
||||
{% endif %}
|
||||
|
||||
<div class="card-block">
|
||||
{% set textBody = message.textBody %}
|
||||
{% set htmlBody = message.htmlBody %}
|
||||
<div class="sf-tabs sf-tabs-sm">
|
||||
{% if message.htmlBody is defined %}
|
||||
{% set textBody = message.textBody %}
|
||||
{% set htmlBody = message.htmlBody %}
|
||||
<div class="tab {{ not textBody ? 'disabled' }} {{ textBody ? 'active' }}">
|
||||
<h3 class="tab-title">Text content</h3>
|
||||
<div class="tab-content">
|
||||
@@ -414,6 +455,23 @@
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
{% else %}
|
||||
{% set body = message.body ? message.body.toString() : null %}
|
||||
<div class="tab {{ not body ? 'disabled' }} {{ body ? 'active' }}">
|
||||
<h3 class="tab-title">Content</h3>
|
||||
<div class="tab-content">
|
||||
{% if body %}
|
||||
<pre class="mailer-email-body prewrap" style="max-height: 600px">
|
||||
{{- body }}
|
||||
</pre>
|
||||
{% else %}
|
||||
<div class="mailer-empty-email-body">
|
||||
<p>The body is empty.</p>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -134,11 +134,11 @@
|
||||
<h3 class="tab-title">Notification</h3>
|
||||
<div class="tab-content">
|
||||
<pre class="prewrap" style="max-height: 600px">
|
||||
{{- 'Subject: ' ~ notification.getSubject() }}<br>
|
||||
{{- 'Content: ' ~ notification.getContent() }}<br>
|
||||
{{- 'Importance: ' ~ notification.getImportance() }}<br>
|
||||
{{- 'Emoji: ' ~ (notification.getEmoji() is empty ? '(empty)' : notification.getEmoji()) }}<br>
|
||||
{{- 'Exception: ' ~ notification.getException() ?? '(empty)' }}<br>
|
||||
{{- 'Subject: ' ~ notification.getSubject() }}<br/>
|
||||
{{- 'Content: ' ~ notification.getContent() }}<br/>
|
||||
{{- 'Importance: ' ~ notification.getImportance() }}<br/>
|
||||
{{- 'Emoji: ' ~ (notification.getEmoji() is empty ? '(empty)' : notification.getEmoji()) }}<br/>
|
||||
{{- 'Exception: ' ~ (notification.getException() ?? '(empty)') }}<br/>
|
||||
{{- 'ExceptionAsString: ' ~ (notification.getExceptionAsString() is empty ? '(empty)' : notification.getExceptionAsString()) }}
|
||||
</pre>
|
||||
</div>
|
||||
@@ -151,7 +151,7 @@
|
||||
{%- if message.getOptions() is null %}
|
||||
{{- '(empty)' }}
|
||||
{%- else %}
|
||||
{{- message.getOptions()|json_encode(constant('JSON_PRETTY_PRINT')) }}
|
||||
{{- message.getOptions().toArray()|json_encode(constant('JSON_PRETTY_PRINT')) }}
|
||||
{%- endif %}
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
@@ -60,6 +60,7 @@
|
||||
dialog table td {
|
||||
padding: .625em;
|
||||
text-align: center;
|
||||
word-wrap: break-word;
|
||||
}
|
||||
|
||||
dialog table th {
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="{{ _charset }}">
|
||||
<meta name="robots" content="noindex,nofollow">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
<meta charset="{{ _charset }}" />
|
||||
<meta name="robots" content="noindex,nofollow" />
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1" />
|
||||
<title>{% block title %}Symfony Profiler{% endblock %}</title>
|
||||
|
||||
{% set request_collector = profile is defined ? profile.collectors.request|default(null) : null %}
|
||||
|
||||
@@ -75,7 +75,7 @@
|
||||
}
|
||||
|
||||
tab.addEventListener('click', function(e) {
|
||||
const activeTab = e.target || e.srcElement;
|
||||
let activeTab = e.target || e.srcElement;
|
||||
|
||||
/* needed because when the tab contains HTML contents, user can click */
|
||||
/* on any of those elements instead of their parent '<button>' element */
|
||||
@@ -122,6 +122,12 @@
|
||||
}
|
||||
|
||||
toggle.addEventListener('click', (e) => {
|
||||
const toggle = e.currentTarget;
|
||||
|
||||
if (e.target.closest('a, .sf-toggle') !== toggle) {
|
||||
return;
|
||||
}
|
||||
|
||||
e.preventDefault();
|
||||
|
||||
if ('' !== window.getSelection().toString()) {
|
||||
@@ -129,9 +135,6 @@
|
||||
return;
|
||||
}
|
||||
|
||||
/* needed because when the toggle contains HTML contents, user can click */
|
||||
/* on any of those elements instead of their parent '.sf-toggle' element */
|
||||
const toggle = e.target.closest('.sf-toggle');
|
||||
const element = document.querySelector(toggle.getAttribute('data-toggle-selector'));
|
||||
|
||||
toggle.classList.toggle('sf-toggle-on');
|
||||
@@ -154,14 +157,6 @@
|
||||
toggle.innerHTML = currentContent !== altContent ? altContent : originalContent;
|
||||
});
|
||||
|
||||
/* Prevents from disallowing clicks on links inside toggles */
|
||||
const toggleLinks = toggle.querySelectorAll('a');
|
||||
toggleLinks.forEach((toggleLink) => {
|
||||
toggleLink.addEventListener('click', (e) => {
|
||||
e.stopPropagation();
|
||||
});
|
||||
});
|
||||
|
||||
toggle.setAttribute('data-processed', 'true');
|
||||
});
|
||||
}
|
||||
|
||||
@@ -40,6 +40,7 @@
|
||||
#source .source-content ol li {
|
||||
margin: 0 0 2px 0;
|
||||
padding-left: 5px;
|
||||
white-space: preserve nowrap;
|
||||
}
|
||||
#source .source-content ol li::marker {
|
||||
color: var(--color-muted);
|
||||
|
||||
@@ -35,7 +35,9 @@
|
||||
{% endblock %}
|
||||
|
||||
{% block sidebar_search_css_class %}{% endblock %}
|
||||
{% block sidebar_shortcuts_links %}{% endblock %}
|
||||
{% block sidebar_shortcuts_links %}
|
||||
{{ parent() }}
|
||||
{% endblock %}
|
||||
|
||||
{% block panel %}
|
||||
<div class="sf-tabs" data-processed="true">
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
</div>
|
||||
<div id="sfToolbarClearer-{{ token }}" class="sf-toolbar-clearer"></div>
|
||||
|
||||
<div id="sfToolbarMainContent-{{ token }}" class="sf-toolbarreset notranslate clear-fix" data-no-turbolink>
|
||||
<div id="sfToolbarMainContent-{{ token }}" class="sf-toolbarreset notranslate clear-fix" data-no-turbolink data-turbo="false">
|
||||
{% for name, template in templates %}
|
||||
{% if block('toolbar', template) is defined %}
|
||||
{% with {
|
||||
|
||||
Reference in New Issue
Block a user