N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to the latest security fix (~6.4.0)
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions


@@ -17,6 +17,7 @@ use Twig\Environment;
use Twig\Extension\EscaperExtension;
use Twig\Extension\ProfilerExtension;
use Twig\Profiler\Profile;
use Twig\Runtime\EscaperRuntime;
use Twig\TwigFunction;
/**
@@ -37,7 +38,7 @@ class WebProfilerExtension extends ProfilerExtension
private int $stackLevel = 0;
public function __construct(HtmlDumper $dumper = null)
public function __construct(?HtmlDumper $dumper = null)
{
$this->dumper = $dumper ?? new HtmlDumper();
$this->dumper->setOutput($this->output = fopen('php://memory', 'r+'));
@@ -77,7 +78,7 @@ class WebProfilerExtension extends ProfilerExtension
return str_replace("\n</pre", '</pre', rtrim($dump));
}
public function dumpLog(Environment $env, string $message, Data $context = null): string
public function dumpLog(Environment $env, string $message, ?Data $context = null): string
{
$message = self::escape($env, $message);
$message = preg_replace('/&quot;(.*?)&quot;/', '&quot;<b>$1</b>&quot;', $message);
@@ -108,6 +109,12 @@ class WebProfilerExtension extends ProfilerExtension
private static function escape(Environment $env, string $s): string
{
// Twig 3.10 and above
if (class_exists(EscaperRuntime::class)) {
return $env->getRuntime(EscaperRuntime::class)->escape($s);
}
// Twig 3.9
if (method_exists(EscaperExtension::class, 'escape')) {
return EscaperExtension::escape($env, $s);
}