[Routing] Inline defaults and requirements are not working as documented #40701
Labels
Comments
|
+1/ Found that inline requirements doesn't work with important params at all. $varName matched by \{(!)?(\w+)\} pattern and doesn't include !, however Route requirement starts with !Thats why all important params are matching default regex and vulnerable. |
This was referenced Apr 9, 2021
nicolas-grekas
added a commit
that referenced
this issue
Apr 11, 2021
…(Foxprodev) This PR was merged into the 4.4 branch. Discussion ---------- [Routing] Better inline requirements and defaults parsing | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #40749 #40701 | License | MIT | Doc PR | Remove `!` symbol from requirements and defaults array keys in Route class. Leave `!` symbol in Route compiled path for correct token creation. **The only restriction I found:** Important variable can't get default value, only in UrlGenerator. As mentioned in https://github.com/symfony/symfony/blob/0f96ac74847d114c9d9679655bcf3e94b6ba69d1/src/Symfony/Component/Routing/RouteCompiler.php#L217 they are not optional Feel free to help me with some advice. Thank you in advance Commits ------- 2a8c94a [Route] Better inline requirements and defaults parsing
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Symfony version(s) affected: 5.2.3 (previous versions are probably affected too)
Description/How to reproduce
Using the syntax
@Route("sitemap/pages.{!_format<xml>?xml}", name="sitemap__pages")as documented here doesn't register the default value properly.Generating the URL like this
$this->generateUrl('sitemap__pages')throws aMissingMandatoryParametersExceptionfor_format.Changing the route definition to
@Route("sitemap/pages.{!_format<xml>?xml}", name="sitemap__pages", defaults={"_format"="xml"})works as expected, but this way I'm specifying the default value twice...Possible Solution
The exception is thrown by https://github.com/symfony/symfony/blob/5.x/src/Symfony/Component/Routing/Generator/UrlGenerator.php#L178. I dumped
$defaultspassed todoGenerateand I found that it contains:The default value for
_formatis not found because of the leading!in the key.Inline defaults and requirements are extracted: https://github.com/symfony/symfony/blob/5.x/src/Symfony/Component/Routing/Route.php#L536
I'm afraid that 826db22 (by @nicolas-grekas) is not compatible with this check: https://github.com/symfony/symfony/blob/5.x/src/Symfony/Component/Routing/Generator/UrlGenerator.php#L177
Unfortunately I can't open a PR because I'm not sure if I should update the way defaults/requirements/params are stored inside the Route object or if I should update the check inside
UrlGenerator.Thank you for your time.
The text was updated successfully, but these errors were encountered: