N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to last security fix (~6.4.0)
2026-04-26 03:58:45 +02:00 · 2025-08-06 08:54:56 +02:00
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
--- a/lib/symfony/web-profiler-bundle/Resources/views/Collector/form.html.twig
+++ b/lib/symfony/web-profiler-bundle/Resources/views/Collector/form.html.twig
@@ -458,7 +458,7 @@
                </div>
            </div>

-            <div class="tab {{ data.submitted_data ?? [] is empty ? 'disabled' }}">
+            <div class="tab {{ (data.submitted_data ?? []) is empty ? 'disabled' }}">
                <h3 class="tab-title">Submitted Data</h3>

                <div class="tab-content">
@@ -466,7 +466,7 @@
                </div>
            </div>

-            <div class="tab {{ data.passed_options ?? [] is empty ? 'disabled' }}">
+            <div class="tab {{ (data.passed_options ?? []) is empty ? 'disabled' }}">
                <h3 class="tab-title">Passed Options</h3>

                <div class="tab-content">
@@ -474,7 +474,7 @@
                </div>
            </div>

-            <div class="tab {{ data.resolved_options ?? [] is empty ? 'disabled' }}">
+            <div class="tab {{ (data.resolved_options ?? []) is empty ? 'disabled' }}">
                <h3 class="tab-title">Resolved Options</h3>

                <div class="tab-content">
@@ -482,7 +482,7 @@
                </div>
            </div>

-            <div class="tab {{ data.view_vars ?? [] is empty ? 'disabled' }}">
+            <div class="tab {{ (data.view_vars ?? []) is empty ? 'disabled' }}">
                <h3 class="tab-title">View Vars</h3>

                <div class="tab-content">
@@ -646,8 +646,10 @@
                    <td>{{ profiler_dump(value) }}</td>
                    <td>
                        {# values can be stubs #}
-                        {% set option_value = value.value|default(value) %}
-                        {% set resolved_option_value = data.resolved_options[option].value|default(data.resolved_options[option]) %}
+                        {% set option_value = (value.value is defined) ? value.value : value %}
+                        {% set resolved_option_value = (data.resolved_options[option].value is defined)
+                            ? data.resolved_options[option].value
+                            : data.resolved_options[option] %}
                        {% if resolved_option_value == option_value %}
                            <em class="font-normal text-muted">same as passed value</em>
                        {% else %}