Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 828ce34

Browse files
fabpotfabpot
committed
bug #32838 [FrameworkBundle] Detect indirect env vars in routing (ro0NL)
This PR was squashed before being merged into the 3.4 branch (closes #32838). Discussion ---------- [FrameworkBundle] Detect indirect env vars in routing | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no <!-- see https://symfony.com/bc --> | Deprecations? | no | Tests pass? | yes <!-- please add some, will be required by reviewers --> | Fixed tickets | #32366 | License | MIT | Doc PR | symfony/symfony-docs#... <!-- required for new features --> This detects indirect env parameters in routing, which doesnt work according to #32366. cc @nicolas-grekas @bendavies please verify, as im not really into routing internals Commits ------- ceaa1b3 [FrameworkBundle] Detect indirect env vars in routing
2 parents 8ca5cfc + ceaa1b3 commit 828ce34

File tree

2 files changed

+21
-4
lines changed

2 files changed

+21
-4
lines changed

src/Symfony/Bundle/FrameworkBundle/Routing/Router.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,7 @@ private function resolve($value)
147147
return '%%';
148148
}
149149

150-
if (preg_match('/^env\(\w+\)$/', $match[1])) {
150+
if (preg_match('/^env\((?:\w++:)*+\w++\)$/', $match[1])) {
151151
throw new RuntimeException(sprintf('Using "%%%s%%" is not allowed in routing configuration.', $match[1]));
152152
}
153153

@@ -156,7 +156,7 @@ private function resolve($value)
156156
if (\is_string($resolved) || is_numeric($resolved)) {
157157
$this->collectedParameters[$match[1]] = $resolved;
158158

159-
return (string) $resolved;
159+
return (string) $this->resolve($resolved);
160160
}
161161

162162
throw new RuntimeException(sprintf('The container parameter "%s", used in the route configuration value "%s", must be a string or numeric, but it is of type %s.', $match[1], $value, \gettype($resolved)));

src/Symfony/Bundle/FrameworkBundle/Tests/Routing/RouterTest.php

Lines changed: 19 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@
1414
use PHPUnit\Framework\TestCase;
1515
use Symfony\Bundle\FrameworkBundle\Routing\Router;
1616
use Symfony\Component\DependencyInjection\Config\ContainerParametersResource;
17+
use Symfony\Component\DependencyInjection\Exception\RuntimeException;
1718
use Symfony\Component\Routing\Route;
1819
use Symfony\Component\Routing\RouteCollection;
1920

@@ -122,13 +123,13 @@ public function testPatternPlaceholders()
122123
$routes->add('foo', new Route('/before/%parameter.foo%/after/%%escaped%%'));
123124

124125
$sc = $this->getServiceContainer($routes);
125-
$sc->setParameter('parameter.foo', 'foo');
126+
$sc->setParameter('parameter.foo', 'foo-%%escaped%%');
126127

127128
$router = new Router($sc, 'foo');
128129
$route = $router->getRouteCollection()->get('foo');
129130

130131
$this->assertEquals(
131-
'/before/foo/after/%escaped%',
132+
'/before/foo-%escaped%/after/%escaped%',
132133
$route->getPath()
133134
);
134135
}
@@ -145,6 +146,22 @@ public function testEnvPlaceholders()
145146
$router->getRouteCollection();
146147
}
147148

149+
public function testIndirectEnvPlaceholders()
150+
{
151+
$routes = new RouteCollection();
152+
153+
$routes->add('foo', new Route('/%foo%'));
154+
155+
$router = new Router($container = $this->getServiceContainer($routes), 'foo');
156+
$container->setParameter('foo', 'foo-%bar%');
157+
$container->setParameter('bar', '%env(string:FOO)%');
158+
159+
$this->expectException(RuntimeException::class);
160+
$this->expectExceptionMessage('Using "%env(string:FOO)%" is not allowed in routing configuration.');
161+
162+
$router->getRouteCollection();
163+
}
164+
148165
public function testHostPlaceholders()
149166
{
150167
$routes = new RouteCollection();

0 commit comments

Comments
 (0)