⬆️ N°4770 Update to latest Symfony 3.4

2026-04-21 17:48:43 +02:00 · 2022-02-10 15:18:50 +01:00
parent b494ff2ce6
commit f29a8792af
401 changed files with 4329 additions and 2378 deletions
--- a/lib/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php
+++ b/lib/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php
@@ -11,6 +11,8 @@

 namespace Symfony\Component\HttpFoundation\Session\Storage\Handler;

+use Symfony\Component\HttpFoundation\Session\SessionUtils;
+
 /**
 * This abstract session handler provides a generic implementation
 * of the PHP 7.0 SessionUpdateTimestampHandlerInterface,
@@ -27,7 +29,7 @@ abstract class AbstractSessionHandler implements \SessionHandlerInterface, \Sess
    private $igbinaryEmptyData;

    /**
-     * {@inheritdoc}
+     * @return bool
     */
    public function open($savePath, $sessionName)
    {
@@ -62,18 +64,27 @@ abstract class AbstractSessionHandler implements \SessionHandlerInterface, \Sess
    abstract protected function doDestroy($sessionId);

    /**
-     * {@inheritdoc}
+     * @return bool
     */
    public function validateId($sessionId)
    {
        $this->prefetchData = $this->read($sessionId);
        $this->prefetchId = $sessionId;

+        if (\PHP_VERSION_ID < 70317 || (70400 <= \PHP_VERSION_ID && \PHP_VERSION_ID < 70405)) {
+            // work around https://bugs.php.net/79413
+            foreach (debug_backtrace(\DEBUG_BACKTRACE_IGNORE_ARGS) as $frame) {
+                if (!isset($frame['class']) && isset($frame['function']) && \in_array($frame['function'], ['session_regenerate_id', 'session_create_id'], true)) {
+                    return '' === $this->prefetchData;
+                }
+            }
+        }
+
        return '' !== $this->prefetchData;
    }

    /**
-     * {@inheritdoc}
+     * @return string
     */
    public function read($sessionId)
    {
@@ -99,7 +110,7 @@ abstract class AbstractSessionHandler implements \SessionHandlerInterface, \Sess
    }

    /**
-     * {@inheritdoc}
+     * @return bool
     */
    public function write($sessionId, $data)
    {
@@ -124,43 +135,35 @@ abstract class AbstractSessionHandler implements \SessionHandlerInterface, \Sess
    }

    /**
-     * {@inheritdoc}
+     * @return bool
     */
    public function destroy($sessionId)
    {
        if (\PHP_VERSION_ID < 70000) {
            $this->prefetchData = null;
        }
-        if (!headers_sent() && filter_var(ini_get('session.use_cookies'), FILTER_VALIDATE_BOOLEAN)) {
+        if (!headers_sent() && filter_var(ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOLEAN)) {
            if (!$this->sessionName) {
-                throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', \get_class($this)));
+                throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class));
            }
-            $sessionCookie = sprintf(' %s=', urlencode($this->sessionName));
-            $sessionCookieWithId = sprintf('%s%s;', $sessionCookie, urlencode($sessionId));
-            $sessionCookieFound = false;
-            $otherCookies = [];
-            foreach (headers_list() as $h) {
-                if (0 !== stripos($h, 'Set-Cookie:')) {
-                    continue;
-                }
-                if (11 === strpos($h, $sessionCookie, 11)) {
-                    $sessionCookieFound = true;
+            $cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId);

-                    if (11 !== strpos($h, $sessionCookieWithId, 11)) {
-                        $otherCookies[] = $h;
-                    }
+            /*
+             * We send an invalidation Set-Cookie header (zero lifetime)
+             * when either the session was started or a cookie with
+             * the session name was sent by the client (in which case
+             * we know it's invalid as a valid session cookie would've
+             * started the session).
+             */
+            if (null === $cookie || isset($_COOKIE[$this->sessionName])) {
+                if (\PHP_VERSION_ID < 70300) {
+                    setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), \FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), \FILTER_VALIDATE_BOOLEAN));
                } else {
-                    $otherCookies[] = $h;
+                    $params = session_get_cookie_params();
+                    unset($params['lifetime']);
+                    setcookie($this->sessionName, '', $params);
                }
            }
-            if ($sessionCookieFound) {
-                header_remove('Set-Cookie');
-                foreach ($otherCookies as $h) {
-                    header($h, false);
-                }
-            } else {
-                setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN));
-            }
        }

        return $this->newSessionId === $sessionId || $this->doDestroy($sessionId);