N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to the latest security-fix release (~6.4.0)
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions


@@ -458,7 +458,7 @@
</div>
</div>
<div class="tab {{ data.submitted_data ?? [] is empty ? 'disabled' }}">
<div class="tab {{ (data.submitted_data ?? []) is empty ? 'disabled' }}">
<h3 class="tab-title">Submitted Data</h3>
<div class="tab-content">
@@ -466,7 +466,7 @@
</div>
</div>
<div class="tab {{ data.passed_options ?? [] is empty ? 'disabled' }}">
<div class="tab {{ (data.passed_options ?? []) is empty ? 'disabled' }}">
<h3 class="tab-title">Passed Options</h3>
<div class="tab-content">
@@ -474,7 +474,7 @@
</div>
</div>
<div class="tab {{ data.resolved_options ?? [] is empty ? 'disabled' }}">
<div class="tab {{ (data.resolved_options ?? []) is empty ? 'disabled' }}">
<h3 class="tab-title">Resolved Options</h3>
<div class="tab-content">
@@ -482,7 +482,7 @@
</div>
</div>
<div class="tab {{ data.view_vars ?? [] is empty ? 'disabled' }}">
<div class="tab {{ (data.view_vars ?? []) is empty ? 'disabled' }}">
<h3 class="tab-title">View Vars</h3>
<div class="tab-content">
@@ -646,8 +646,10 @@
<td>{{ profiler_dump(value) }}</td>
<td>
{# values can be stubs #}
{% set option_value = value.value|default(value) %}
{% set resolved_option_value = data.resolved_options[option].value|default(data.resolved_options[option]) %}
{% set option_value = (value.value is defined) ? value.value : value %}
{% set resolved_option_value = (data.resolved_options[option].value is defined)
? data.resolved_options[option].value
: data.resolved_options[option] %}
{% if resolved_option_value == option_value %}
<em class="font-normal text-muted">same as passed value</em>
{% else %}


@@ -278,8 +278,24 @@
{% for event in collector.events.events(transport) %}
<tr class="mailer-email-summary-table-row {{ loop.first ? 'active' }}" data-target="#email-{{ loop.index }}">
<td>{{ loop.index }}</td>
<td>{{ event.message.getSubject() ?? '(No subject)' }}</td>
<td>{{ event.message.getTo()|map(addr => addr.toString())|join(', ')|default('(empty)') }}</td>
<td>
{% if event.message.subject is defined %}
{{ event.message.getSubject() ?? '(No subject)' }}
{% elseif event.message.headers.has('subject') %}
{{ event.message.headers.get('subject').bodyAsString()|default('(No subject)') }}
{% else %}
(No subject)
{% endif %}
</td>
<td>
{% if event.message.to is defined %}
{{ event.message.getTo()|map(addr => addr.toString())|join(', ')|default('(empty)') }}
{% elseif event.message.headers.has('to') %}
{{ event.message.headers.get('to').bodyAsString()|default('(empty)') }}
{% else %}
(empty)
{% endif %}
</td>
<td class="visually-hidden"><button class="mailer-email-summary-table-row-button" data-target="#email-{{ loop.index }}">View email details</button></td>
</tr>
{% endfor %}
@@ -323,18 +339,42 @@
<div class="tab-content">
<div class="card-block">
<p class="mailer-message-subject">
{{ message.getSubject() ?? '(No subject)' }}
{% if message.subject is defined %}
{{ message.getSubject() ?? '(No subject)' }}
{% elseif message.headers.has('subject') %}
{{ message.headers.get('subject').bodyAsString()|default('(No subject)') }}
{% else %}
(No subject)
{% endif %}
</p>
<div class="mailer-message-headers">
<p><strong>From:</strong> {{ message.getFrom()|map(addr => addr.toString())|join(', ')|default('(empty)') }}</p>
<p><strong>To:</strong> {{ message.getTo()|map(addr => addr.toString())|join(', ')|default('(empty)') }}</p>
<p>
<strong>From:</strong>
{% if message.from is defined %}
{{ message.getFrom()|map(addr => addr.toString())|join(', ')|default('(empty)') }}
{% elseif message.headers.has('from') %}
{{ message.headers.get('from').bodyAsString()|default('(empty)') }}
{% else %}
(empty)
{% endif %}
</p>
<p>
<strong>To:</strong>
{% if message.to is defined %}
{{ message.getTo()|map(addr => addr.toString())|join(', ')|default('(empty)') }}
{% elseif message.headers.has('to') %}
{{ message.headers.get('to').bodyAsString()|default('(empty)') }}
{% else %}
(empty)
{% endif %}
</p>
{% for header in message.headers.all|filter(header => (header.name ?? '')|lower not in ['subject', 'from', 'to']) %}
<p class="mailer-message-header-secondary">{{ header.toString }}</p>
{% endfor %}
</div>
</div>
{% if message.attachments %}
{% if message.attachments is defined and message.attachments %}
<div class="card-block">
{% set num_of_attachments = message.attachments|length %}
{% set total_attachments_size_in_bytes = message.attachments|reduce((total_size, attachment) => total_size + attachment.body|length, 0) %}
@@ -364,9 +404,10 @@
{% endif %}
<div class="card-block">
{% set textBody = message.textBody %}
{% set htmlBody = message.htmlBody %}
<div class="sf-tabs sf-tabs-sm">
{% if message.htmlBody is defined %}
{% set textBody = message.textBody %}
{% set htmlBody = message.htmlBody %}
<div class="tab {{ not textBody ? 'disabled' }} {{ textBody ? 'active' }}">
<h3 class="tab-title">Text content</h3>
<div class="tab-content">
@@ -414,6 +455,23 @@
{% endif %}
</div>
</div>
{% else %}
{% set body = message.body ? message.body.toString() : null %}
<div class="tab {{ not body ? 'disabled' }} {{ body ? 'active' }}">
<h3 class="tab-title">Content</h3>
<div class="tab-content">
{% if body %}
<pre class="mailer-email-body prewrap" style="max-height: 600px">
{{- body }}
</pre>
{% else %}
<div class="mailer-empty-email-body">
<p>The body is empty.</p>
</div>
{% endif %}
</div>
</div>
{% endif %}
</div>
</div>
</div>
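Review bot: In the `{% else %}` branch of the last hunk, `message.body` is read without the `is defined` guard that this section now applies to `subject`, `to`, `from`, `attachments` and `htmlBody`, and each `elseif` branch calls `message.headers.has(...)` unguarded as well. If a message object without those accessors can reach this template (not visible from the hunks), Twig would fail to render the panel when strict variables are enabled instead of showing the "(empty)" fallback. A guarded form would be `{% set body = (message.body is defined and message.body) ? message.body.toString() : null %}`, with `message.headers is defined and` prefixed to each `elseif` condition. The enclosing blocks start and end outside the hunks, and if this template is vendored with the upgraded dependency, the change belongs upstream rather than in a local patch.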


@@ -134,11 +134,11 @@
<h3 class="tab-title">Notification</h3>
<div class="tab-content">
<pre class="prewrap" style="max-height: 600px">
{{- 'Subject: ' ~ notification.getSubject() }}<br>
{{- 'Content: ' ~ notification.getContent() }}<br>
{{- 'Importance: ' ~ notification.getImportance() }}<br>
{{- 'Emoji: ' ~ (notification.getEmoji() is empty ? '(empty)' : notification.getEmoji()) }}<br>
{{- 'Exception: ' ~ notification.getException() ?? '(empty)' }}<br>
{{- 'Subject: ' ~ notification.getSubject() }}<br/>
{{- 'Content: ' ~ notification.getContent() }}<br/>
{{- 'Importance: ' ~ notification.getImportance() }}<br/>
{{- 'Emoji: ' ~ (notification.getEmoji() is empty ? '(empty)' : notification.getEmoji()) }}<br/>
{{- 'Exception: ' ~ (notification.getException() ?? '(empty)') }}<br/>
{{- 'ExceptionAsString: ' ~ (notification.getExceptionAsString() is empty ? '(empty)' : notification.getExceptionAsString()) }}
</pre>
</div>
@@ -151,7 +151,7 @@
{%- if message.getOptions() is null %}
{{- '(empty)' }}
{%- else %}
{{- message.getOptions()|json_encode(constant('JSON_PRETTY_PRINT')) }}
{{- message.getOptions().toArray()|json_encode(constant('JSON_PRETTY_PRINT')) }}
{%- endif %}
</pre>
</div>


@@ -60,6 +60,7 @@
dialog table td {
padding: .625em;
text-align: center;
word-wrap: break-word;
}
dialog table th {