Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[HttpKernel] Deprecate checking for cacheable HTTP methods in Request::isMethodSafe() #20603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 24, 2016
Merged

[HttpKernel] Deprecate checking for cacheable HTTP methods in Request::isMethodSafe() #20603

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,7 @@ public function prepare(Request $request)

if (!$this->headers->has('Accept-Ranges')) {
// Only accept ranges on safe HTTP methods
$this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
$this->headers->set('Accept-Ranges', $request->isMethodSafe(false) ? 'bytes' : 'none');
}

if (!$this->headers->has('Content-Type')) {
Expand Down
12 changes: 11 additions & 1 deletion src/Symfony/Component/HttpFoundation/Request.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1475,10 +1475,20 @@ public function isMethod($method)
/**
* Checks whether or not the method is safe.
*
* @param bool $andCacheable Adds the additional condition that the method should be cacheable. True by default.
*
* @return bool
*/
public function isMethodSafe()
public function isMethodSafe(/* $andCacheable = true */)
{
if (!func_num_args() || func_get_arg(0)) {
// This deprecation should be turned into a BadMethodCallException in 4.0 (without adding the argument in the signature)
// then setting $andCacheable to false should be deprecated in 4.1
@trigger_error('Checking only for cacheable HTTP methods with Symfony\Component\HttpFoundation\Request::isMethodSafe() is deprecated since version 3.2 and will throw an exception in 4.0. Disable checking only for cacheable methods by calling the method with `false` as first argument or use the Request::isMethodCacheable() instead.', E_USER_DEPRECATED);

return in_array($this->getMethod(), array('GET', 'HEAD'));
}

return in_array($this->getMethod(), array('GET', 'HEAD', 'OPTIONS', 'TRACE'));
}

Expand Down
13 changes: 12 additions & 1 deletion src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1994,7 +1994,7 @@ public function testMethodSafe($method, $safe)
{
$request = new Request();
$request->setMethod($method);
$this->assertEquals($safe, $request->isMethodSafe());
$this->assertEquals($safe, $request->isMethodSafe(false));
}

public function methodSafeProvider()
Expand All @@ -2013,6 +2013,17 @@ public function methodSafeProvider()
);
}

/**
* @group legacy
* @expectedDeprecation Checking only for cacheable HTTP methods with Symfony\Component\HttpFoundation\Request::isMethodSafe() is deprecated since version 3.2 and will throw an exception in 4.0. Disable checking only for cacheable methods by calling the method with `false` as first argument or use the Request::isMethodCacheable() instead.
*/
public function testMethodSafeChecksCacheable()
{
$request = new Request();
$request->setMethod('OPTION');
$this->assertFalse($request->isMethodSafe());
}

/**
* @dataProvider methodCacheableProvider
*/
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ public function onKernelRequest(GetResponseEvent $event)
protected function validateRequest(Request $request)
{
// is the Request safe?
if (!$request->isMethodSafe()) {
if (!$request->isMethodSafe(false)) {
throw new AccessDeniedHttpException();
}

Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQ
}
$this->traces[$request->getMethod().' '.$path] = array();

if (!$request->isMethodSafe()) {
if (!$request->isMethodSafe(false)) {
$response = $this->invalidate($request, $catch);
} elseif ($request->headers->has('expect') || !$request->isMethodCacheable()) {
$response = $this->pass($request, $catch);
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,7 @@ private function startAuthentication(Request $request, AuthenticationException $
protected function setTargetPath(Request $request)
{
// session isn't required when using HTTP basic authentication mechanism for example
if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) {
if ($request->hasSession() && $request->isMethodSafe(false) && !$request->isXmlHttpRequest()) {
$this->saveTargetPath($request->getSession(), $this->providerKey, $request->getUri());
}
}
Expand Down