Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Intl] Switch from json to php resources #34214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[Intl] Switch from json to php resources #34214

wants to merge 1 commit into from

Conversation

jakzal
Copy link
Contributor

@jakzal jakzal commented Nov 1, 2019
edited
Loading

Q A
Branch? 3.4
Bug fix? no
New feature? no
Deprecations? no
Tickets Fix #23545
License MIT
Doc PR -

Benchmarks below were run on PHP 7.3.9. Average was taken for ten runs of each script.

Memory & Peak Memory was 2048kB in all cases.

Benchmark Time (no opcache) Time (opcache)
json 5ms 5ms
php 9ms 2ms

jakzal
jakzal commented Nov 1, 2019
View reviewed changes
src/Symfony/Component/Intl/Data/Generator/CurrencyDataGenerator.php
$symbolNamePairs = iterator_to_array($rootBundle['Currencies']);
$symbolNamePairs = array_map(function ($pair) {
return array_slice(iterator_to_array($pair), 0, 2);
}, iterator_to_array($rootBundle['Currencies']));
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to do this so that php generator doesn't dump the following invalid code:

        'ESP' => [
            0 => '',
            1 => 'pesseta espanyola',
            2 => 
            ResourceBundle::__set_state(array(
            )],
        ],

Json generator used to simply dump {}.

We never use the third index. It's hardly ever present. If we dumped it it would like like this:

        'ESP' => [
            0 => '',
            1 => 'pesseta espanyola',
            2 => [
                0 => '¤ #,##0.00',
                1 => ',',
                2 => '.',
            ],
        ],

@jakzal jakzal force-pushed the intl-php-resources branch from 07ccf85 to 85630ac Compare November 1, 2019 16:12
@jakzal
Copy link
Contributor Author

jakzal commented Nov 1, 2019

Question: Since from now on we'd be including php files directly, are there any security implications? The PhpBundleReader does this:

return include $fileName;

@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Nov 4, 2019
@ro0NL
Copy link
Contributor

ro0NL commented Nov 6, 2019

@jakzal not to me, all bundle read/write related infra is marked internal.

All public classes with read access are final and use a fixed base path, e.g.:

symfony/src/Symfony/Component/Intl/Timezones.php

Lines 116 to 119 in 2c9a196

protected static function getPath(): string
{
return Intl::getDataDirectory().'/'.Intl::TIMEZONE_DIR;
}

the directory traversal attack check is already in place, given the locale may be user provided:

symfony/src/Symfony/Component/Intl/Data/Bundle/Reader/PhpBundleReader.php

Lines 33 to 36 in 2c9a196

// prevent directory traversal attacks
if (\dirname($fileName) !== $path) {
throw new ResourceBundleNotFoundException(sprintf('The resource bundle "%s" does not exist.', $fileName));
}

@jakzal jakzal changed the title WIP: [Intl] Switch from json to php resources [Intl] Switch from json to php resources Nov 7, 2019
@nicolas-grekas
Copy link
Member

Since from now on we'd be including php files directly, are there any security implications?

Not if we don't allow user input to get there, ie no .., etc. Is this enforced anywhere?

@nicolas-grekas
Copy link
Member

Note that we absolutely need to store the loaded data in a static variable. The reason is that we don't want to parse these files more than once when running test suites.

@nicolas-grekas
Copy link
Member

@jakzal up to finish this one?

@jakzal
Copy link
Contributor Author

jakzal commented Mar 18, 2020
edited
Loading

Let me update ICU first (it's that time of year again). Oh, It's not the time yet. I misread the version ;)

@jakzal jakzal closed this Mar 18, 2020
@jakzal jakzal deleted the intl-php-resources branch March 18, 2020 12:16
@fancyweb
Copy link
Contributor

fancyweb commented Apr 8, 2020

@jakzal Why did you close it?

@jakzal
Copy link
Contributor Author

jakzal commented Apr 8, 2020

It got out of date. I need a new one!

@adri
Copy link
Contributor

adri commented Jul 10, 2020

Really cool PR! Would it be a lot of work to make a new PR?

@jderusse
Copy link
Member

jderusse commented Nov 5, 2020

hello @jakzal what is the status of this PR?

@jderusse jderusse mentioned this pull request Apr 12, 2021
Merged
nicolas-grekas added a commit that referenced this pull request Apr 14, 2021
@nicolas-grekas
minor #40790 [Intl] Switch from json to php resources (jderusse)
501c310 
This PR was merged into the 5.3-dev branch.

Discussion
----------

[Intl] Switch from json to php resources

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | Fix #23545
| License       | MIT
| Doc PR        | -

take over #34214

Commits
-------

24bfc3b [Intl] Switch from json to php resources
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Intl Status: Needs Review
Projects
None yet
Milestone
3.4
Development

Successfully merging this pull request may close these issues.
7 participants
@jakzal @ro0NL @nicolas-grekas @fancyweb @adri @jderusse @carsonbot