[HttpFoundation] deprecated finding deep items in Request and ParameterBag

xabbuh · xabbuh · commit 9eff960790ea · 2015-04-10T10:37:23.000+02:00
diff --git a/src/Symfony/Component/HttpFoundation/ParameterBag.php b/src/Symfony/Component/HttpFoundation/ParameterBag.php
@@ -99,54 +99,20 @@ public function add(array $parameters = array())
      * @throws \InvalidArgumentException
      *
      * @api
+     *
+     * @deprecated Finding deep items is deprecated since version 2.7, to be removed in 3.0.
      */
     public function get($path, $default = null, $deep = false)
     {
-        if (!$deep || false === $pos = strpos($path, '[')) {
-            return array_key_exists($path, $this->parameters) ? $this->parameters[$path] : $default;
-        }
-
-        $root = substr($path, 0, $pos);
-        if (!array_key_exists($root, $this->parameters)) {
-            return $default;
-        }
-
-        $value = $this->parameters[$root];
-        $currentKey = null;
-        for ($i = $pos, $c = strlen($path); $i < $c; $i++) {
-            $char = $path[$i];
-
-            if ('[' === $char) {
-                if (null !== $currentKey) {
-                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "[" at position %d.', $i));
-                }
-
-                $currentKey = '';
-            } elseif (']' === $char) {
-                if (null === $currentKey) {
-                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "]" at position %d.', $i));
-                }
-
-                if (!is_array($value) || !array_key_exists($currentKey, $value)) {
-                    return $default;
-                }
-
-                $value = $value[$currentKey];
-                $currentKey = null;
-            } else {
-                if (null === $currentKey) {
-                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "%s" at position %d.', $char, $i));
-                }
-
-                $currentKey .= $char;
-            }
+        if (true === $deep) {
+            trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.7 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);
         }
 
-        if (null !== $currentKey) {
-            throw new \InvalidArgumentException(sprintf('Malformed path. Path must end with "]".'));
+        if (!$deep || false === $pos = strpos($path, '[')) {
+            return array_key_exists($path, $this->parameters) ? $this->parameters[$path] : $default;
         }
 
-        return $value;
+        return ParameterBagUtils::getParameterWithPath($this, $path, $default);
     }
 
     /**
diff --git a/src/Symfony/Component/HttpFoundation/ParameterBagUtils.php b/src/Symfony/Component/HttpFoundation/ParameterBagUtils.php
@@ -0,0 +1,112 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpFoundation;
+
+/**
+ * @internal
+ */
+final class ParameterBagUtils
+{
+    /**
+     * Returns a "parameter" value.
+     *
+     * Paths like foo[bar] will be evaluated to find deeper items in nested data structures.
+     *
+     * @param ParameterBag $parameters The parameter bag
+     * @param string       $path       The key
+     * @param mixed        $default    The default value if the parameter key does not exist
+     *
+     * @return mixed
+     *
+     * @throws \InvalidArgumentException when the path is malformed
+     */
+    public static function getParameterWithPath(ParameterBag $parameters, $path, $default = null)
+    {
+        if (false === $pos = strpos($path, '[')) {
+            return $parameters->get($path, $default);
+        }
+
+        $root = substr($path, 0, $pos);
+
+        if (null === $value = $parameters->get($root)) {
+            return $default;
+        }
+
+        return self::parseParameterPath($path, $pos, $value, $default);
+    }
+
+    /**
+     * Returns a request "parameter" value.
+     *
+     * Paths like foo[bar] will be evaluated to find deeper items in nested data structures.
+     *
+     * @param Request $request The request
+     * @param string  $path    The key
+     *
+     * @return mixed
+     *
+     * @throws \InvalidArgumentException when the path is malformed
+     */
+    public static function getRequestParameterWithPath(Request $request, $path)
+    {
+        if (false === $pos = strpos($path, '[')) {
+            return $request->get($path);
+        }
+
+        $root = substr($path, 0, $pos);
+
+        if (null === $value = $request->get($root)) {
+            return;
+        }
+
+        return self::parseParameterPath($path, $pos, $value);
+    }
+
+    private static function parseParameterPath($path, $pos, $value, $default = null)
+    {
+        $currentKey = null;
+        for ($i = $pos, $c = strlen($path); $i < $c; $i++) {
+            $char = $path[$i];
+
+            if ('[' === $char) {
+                if (null !== $currentKey) {
+                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "[" at position %d.', $i));
+                }
+
+                $currentKey = '';
+            } elseif (']' === $char) {
+                if (null === $currentKey) {
+                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "]" at position %d.', $i));
+                }
+
+                if (!is_array($value) || !array_key_exists($currentKey, $value)) {
+                    return $default;
+                }
+
+                $value = $value[$currentKey];
+                $currentKey = null;
+            } else {
+                if (null === $currentKey) {
+                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "%s" at position %d.', $char, $i));
+                }
+
+                $currentKey .= $char;
+            }
+        }
+
+        if (null !== $currentKey) {
+            throw new \InvalidArgumentException(sprintf('Malformed path. Path must end with "]".'));
+        }
+
+        return $value;
+    }
+}
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -743,9 +743,15 @@ public static function getHttpMethodParameterOverride()
      * @param bool   $deep    is parameter deep in multidimensional array
      *
      * @return mixed
+     *
+     * @deprecated Finding deep items is deprecated since version 2.7, to be removed in 3.0.
      */
     public function get($key, $default = null, $deep = false)
     {
+        if (true === $deep) {
+            trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.7 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);
+        }
+
         if ($this !== $result = $this->query->get($key, $this, $deep)) {
             return $result;
         }
diff --git a/src/Symfony/Component/HttpFoundation/Tests/ParameterBagTest.php b/src/Symfony/Component/HttpFoundation/Tests/ParameterBagTest.php
@@ -86,11 +86,14 @@ public function testGetDoesNotUseDeepByDefault()
     }
 
     /**
+     * @group legacy
      * @dataProvider getInvalidPaths
      * @expectedException \InvalidArgumentException
      */
-    public function testGetDeepWithInvalidPaths($path)
+    public function testLegacyGetDeepWithInvalidPaths($path)
     {
+        $this->iniSet('error_reporting', -1 & ~E_USER_DEPRECATED);
+
         $bag = new ParameterBag(array('foo' => array('bar' => 'moo')));
 
         $bag->get($path, null, true);
@@ -106,8 +109,13 @@ public function getInvalidPaths()
         );
     }
 
-    public function testGetDeep()
+    /**
+     * @group legacy
+     */
+    public function testLegacyGetDeep()
     {
+        $this->iniSet('error_reporting', -1 & ~E_USER_DEPRECATED);
+
         $bag = new ParameterBag(array('foo' => array('bar' => array('moo' => 'boo'))));
 
         $this->assertEquals(array('moo' => 'boo'), $bag->get('foo[bar]', null, true));
diff --git a/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php b/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Http\Authentication;
 
+use Symfony\Component\HttpFoundation\ParameterBagUtils;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Psr\Log\LoggerInterface;
@@ -82,7 +83,7 @@ public function setOptions(array $options)
      */
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
     {
-        if ($failureUrl = $request->get($this->options['failure_path_parameter'], null, true)) {
+        if ($failureUrl = ParameterBagUtils::getRequestParameterWithPath($request, $this->options['failure_path_parameter'])) {
             $this->options['failure_path'] = $failureUrl;
         }
 
diff --git a/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php b/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Http\Authentication;
 
+use Symfony\Component\HttpFoundation\ParameterBagUtils;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Http\HttpUtils;
@@ -108,7 +109,7 @@ protected function determineTargetUrl(Request $request)
             return $this->options['default_target_path'];
         }
 
-        if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) {
+        if ($targetUrl = ParameterBagUtils::getRequestParameterWithPath($request, $this->options['target_path_parameter'])) {
             return $targetUrl;
         }
 
diff --git a/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php b/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter;
 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
+use Symfony\Component\HttpFoundation\ParameterBagUtils;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
@@ -98,7 +99,7 @@ public function handle(GetResponseEvent $event)
         }
 
         if (null !== $this->csrfTokenManager) {
-            $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
+            $csrfToken = ParameterBagUtils::getRequestParameterWithPath($request, $this->options['csrf_parameter']);
 
             if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
                 throw new LogoutException('Invalid CSRF token.');
diff --git a/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
@@ -14,6 +14,7 @@
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter;
 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
+use Symfony\Component\HttpFoundation\ParameterBagUtils;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
@@ -101,19 +102,19 @@ protected function requiresAuthentication(Request $request)
     protected function attemptAuthentication(Request $request)
     {
         if (null !== $this->csrfTokenManager) {
-            $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
+            $csrfToken = ParameterBagUtils::getRequestParameterWithPath($request, $this->options['csrf_parameter']);
 
             if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
             }
         }
 
         if ($this->options['post_only']) {
-            $username = trim($request->request->get($this->options['username_parameter'], null, true));
-            $password = $request->request->get($this->options['password_parameter'], null, true);
+            $username = trim(ParameterBagUtils::getParameterWithPath($request->request, $this->options['username_parameter']));
+            $password = ParameterBagUtils::getParameterWithPath($request->request, $this->options['password_parameter']);
         } else {
-            $username = trim($request->get($this->options['username_parameter'], null, true));
-            $password = $request->get($this->options['password_parameter'], null, true);
+            $username = trim(ParameterBagUtils::getRequestParameterWithPath($request, $this->options['username_parameter']));
+            $password = ParameterBagUtils::getRequestParameterWithPath($request, $this->options['password_parameter']);
         }
 
         $request->getSession()->set(Security::LAST_USERNAME, $username);
diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -28,6 +28,7 @@
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Security\Http\Util\ParameterBagUtils;
 
 /**
  * UsernamePasswordFormAuthenticationListener is the default implementation of
@@ -76,19 +77,19 @@ protected function requiresAuthentication(Request $request)
     protected function attemptAuthentication(Request $request)
     {
         if (null !== $this->csrfTokenManager) {
-            $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
+            $csrfToken = ParameterBagUtils::getDeepParameter($request, $this->options['csrf_parameter']);
 
             if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
             }
         }
 
         if ($this->options['post_only']) {
-            $username = trim($request->request->get($this->options['username_parameter'], null, true));
-            $password = $request->request->get($this->options['password_parameter'], null, true);
+            $username = trim(ParameterBagUtils::getParameterWithPath($request, $this->options['username_parameter']));
+            $password = ParameterBagUtils::getParameterWithPath($request, $this->options['password_parameter']);
         } else {
-            $username = trim($request->get($this->options['username_parameter'], null, true));
-            $password = $request->get($this->options['password_parameter'], null, true);
+            $username = trim(ParameterBagUtils::getDeepParameter($request, $this->options['username_parameter']));
+            $password =  ParameterBagUtils::getDeepParameter($request, $this->options['password_parameter']);
         }
 
         $request->getSession()->set(Security::LAST_USERNAME, $username);
diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Http\RememberMe;
 
+use Symfony\Component\HttpFoundation\ParameterBagUtils;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
@@ -301,7 +302,7 @@ protected function isRememberMeRequested(Request $request)
             return true;
         }
 
-        $parameter = $request->get($this->options['remember_me_parameter'], null, true);
+        $parameter = ParameterBagUtils::getRequestParameterWithPath($request, $this->options['remember_me_parameter']);
 
         if (null === $parameter && null !== $this->logger) {
             $this->logger->debug('Did not send remember-me cookie.', array('parameter' => $this->options['remember_me_parameter']));
diff --git a/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php
@@ -145,7 +145,7 @@ public function testFailurePathCanBeOverwritten()
     public function testFailurePathCanBeOverwrittenWithRequest()
     {
         $this->request->expects($this->once())
-            ->method('get')->with('_failure_path', null, true)
+            ->method('get')->with('_failure_path', null, false)
             ->will($this->returnValue('/auth/login'));
 
         $this->httpUtils->expects($this->once())
@@ -160,7 +160,7 @@ public function testFailurePathParameterCanBeOverwritten()
         $options = array('failure_path_parameter' => '_my_failure_path');
 
         $this->request->expects($this->once())
-            ->method('get')->with('_my_failure_path', null, true)
+            ->method('get')->with('_my_failure_path', null, false)
             ->will($this->returnValue('/auth/login'));
 
         $this->httpUtils->expects($this->once())

Original file line number	Diff line number	Diff line change
`@@ -743,9 +743,15 @@ public static function getHttpMethodParameterOverride()`
`743`	`743`	`* @param bool $deep is parameter deep in multidimensional array`
`744`	`744`	`*`
`745`	`745`	`* @return mixed`
	`746`	`+ *`
	`747`	`+ * @deprecated Finding deep items is deprecated since version 2.7, to be removed in 3.0.`
`746`	`748`	`*/`
`747`	`749`	`public function get($key, $default = null, $deep = false)`
`748`	`750`	`{`
	`751`	`+ if (true === $deep) {`
	`752`	`+ trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.7 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);`
	`753`	`+ }`
	`754`	`+`
`749`	`755`	`if ($this !== $result = $this->query->get($key, $this, $deep)) {`
`750`	`756`	`return $result;`
`751`	`757`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\Security\Http\Authentication;`
`13`	`13`
	`14`	`+use Symfony\Component\HttpFoundation\ParameterBagUtils;`
`14`	`15`	`use Symfony\Component\HttpFoundation\Request;`
`15`	`16`	`use Symfony\Component\HttpKernel\HttpKernelInterface;`
`16`	`17`	`use Psr\Log\LoggerInterface;`
`@@ -82,7 +83,7 @@ public function setOptions(array $options)`
`82`	`83`	`*/`
`83`	`84`	`public function onAuthenticationFailure(Request $request, AuthenticationException $exception)`
`84`	`85`	`{`
`85`		`- if ($failureUrl = $request->get($this->options['failure_path_parameter'], null, true)) {`
	`86`	`+ if ($failureUrl = ParameterBagUtils::getRequestParameterWithPath($request, $this->options['failure_path_parameter'])) {`
`86`	`87`	`$this->options['failure_path'] = $failureUrl;`
`87`	`88`	`}`
`88`	`89`