[Form] Fixed cannot unset string offsets in CsrfValidationListener #5838

Closed
wants to merge 3 commits into from

jfcartkeep

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -

A PHP fatal error is happening when someone rewrites the entire form data for an object with a single input.

```
Fatal error: Cannot unset string offsets in vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php on line 72
```

Example:

```html
<form action="/app_dev.php/post/create" method="post" >
    <div id="posttype">
        <div>
            <label for="posttype_name" class="required">Name</label>
            <input type="text" id="posttype_name" name="posttype[name]" required="required" maxlength="255" />
        </div>
        <div>
            <label for="posttype_text" class="required">Text</label>
            <textarea id="posttype_text" name="posttype[text]" required="required"></textarea>
        </div>
        <input type="hidden" id="posttype__token" name="posttype[_token]" value="83a1617c694fbdea43c2527f1a55c7419ce82a42" /></div>
        <p>
            <button type="submit">Create</button>
        </p>
</form>
```

If someone alters the html to add a simple input at the bottom of the form like this one:

```html
<input type="text" id="posttype" name="posttype" value="test123" />
```

The result will be a php fatal error.
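
The failure described above and a type check that avoids it, as an added example that is not part of the original pull request and is not Symfony's code. `stripCsrfField()`, `TOKEN_FIELD` and the token value are hypothetical, and PHP 7.1+ is assumed.

```php
<?php
// Added illustration (not Symfony's code). stripCsrfField() and TOKEN_FIELD
// are hypothetical names; the token value is constructed. Assumes PHP 7.1+.

const TOKEN_FIELD = '_token';

/**
 * Validate the CSRF field of submitted root-form data, then remove it.
 * Returns [data without the token field, list of error messages].
 */
function stripCsrfField($data, string $expectedToken): array
{
    // A scalar here means the client replaced the whole form value,
    // so there is no token to check and nothing to unset.
    if (!is_array($data)) {
        return [$data, ['The CSRF token is invalid.']];
    }

    $errors = [];
    $token = $data[TOKEN_FIELD] ?? null;
    if (!is_string($token) || !hash_equals($expectedToken, $token)) {
        $errors[] = 'The CSRF token is invalid.';
    }
    unset($data[TOKEN_FIELD]); // safe: $data is known to be an array

    return [$data, $errors];
}

$expected = 'constructed-token-value';
$normal   = 'posttype[name]=a&posttype[text]=b&posttype[_token]=' . $expected;
// Same body with the extra scalar field from the report appended.
$tampered = $normal . '&posttype=test123';

foreach (['normal' => $normal, 'tampered' => $tampered] as $label => $body) {
    parse_str($body, $post); // query-string style bracket parsing, as for request variables
    [$clean, $errors] = stripCsrfField($post['posttype'], $expected);
    printf("%-8s type=%-6s errors=%d\n", $label, gettype($clean), count($errors));
}

// Without the is_array() guard, unset() on the string fails. PHP 7+ throws
// an Error; the PHP 5 releases of the PR's era stopped with a fatal error.
try {
    $data = 'test123';
    unset($data[TOKEN_FIELD]);
} catch (\Error $e) {
    echo get_class($e), ': ', $e->getMessage(), "\n";
}
```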

@webmozart
Contributor

Thank you for the pull request! Could you please reference the pull request in the test?

```php
// https://github.com/symfony/symfony/pull/5838
public function testStringFormData()
{
    ...
```

@jfcartkeep
Author

@bschussek Added, thanks.

```php
$event = new FormEvent($this->form, $data);

$validation = new CsrfValidationListener('csrf', $this->csrfProvider, 'unknown');
$validation->preBind($event);
```

Contributor

the test should include an assertion

Author

@Tobion Since the error will be a fatal error, I can't link an assert to this test (since the test itself will trigger the fatal error).

Member

@jfcixmedia If you run PHPUnit in strict mode, a test without any assertion in it will be marked as a failure

Author

@stof It was unknown to me. Thanks

@fabpot fabpot closed this in 15731a9 Oct 27, 2012
fabpot added a commit that referenced this pull request Feb 20, 2013
This PR was squashed before being merged into the master branch (closes #5838).

Commits
-------

201f3e6 [Form] Fixed cannot unset string offsets in CsrfValidationListener

Discussion
----------

[Form] Fixed cannot unset string offsets in CsrfValidationListener

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -

A PHP fatal error is happening when someone rewrites the entire form data for an object with a single input.
```
Fatal error: Cannot unset string offsets in vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php on line 72
```

Example:

```html
<form action="/app_dev.php/post/create" method="post" >
    <div id="posttype">
        <div>
            <label for="posttype_name" class="required">Name</label>
            <input type="text" id="posttype_name" name="posttype[name]" required="required" maxlength="255" />
        </div>
        <div>
            <label for="posttype_text" class="required">Text</label>
            <textarea id="posttype_text" name="posttype[text]" required="required"></textarea>
        </div>
        <input type="hidden" id="posttype__token" name="posttype[_token]" value="83a1617c694fbdea43c2527f1a55c7419ce82a42" /></div>
        <p>
            <button type="submit">Create</button>
        </p>
</form>
```

If someone alters the html to add a simple input at the bottom of the form like this one:
```html
<input type="text" id="posttype" name="posttype" value="test123" />
```

The result will be a php fatal error.

---------------------------------------------------------------------------

by bschussek at 2012-10-26T09:49:05Z

Thank you for the pull request! Could you please reference the pull request in the test?

```php
// #5838
public function testStringFormData()
{
    ...
```

---------------------------------------------------------------------------

by jfcixmedia at 2012-10-26T10:21:29Z

@bschussek  Added, thanks.
fabpot added a commit that referenced this pull request Feb 23, 2013
* 2.1:
  Defined stable version point of Doctrine.
  [HttpFoundation] Remove Cache-Control when using https download via IE<9 (fixes #6750)
  Update composer.json
  [Form] Fixed TimeType not to render a "size" attribute in select tags
  [Form] Added test for "label" option to accept the value "0"
  Expanded fault-tolerance for unusual cookie dates
  Fix docblock type
  [Form] Fixed "label" option to accept the value "0"
  merged branch jfcixmedia/2.1 (PR #5838)
  [DomCrawler] lowered parsed protocol string (fixes #6986)

Conflicts:
	composer.json
	src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
	src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/time_widget.html.php
	src/Symfony/Bundle/FrameworkBundle/composer.json
	src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
	src/Symfony/Component/Routing/composer.json
	src/Symfony/Component/Security/composer.json
	src/Symfony/Component/Validator/composer.json
fabpot added a commit that referenced this pull request Feb 23, 2013
* 2.2:
  Defined stable version point of Doctrine.
  [HttpFoundation] Remove Cache-Control when using https download via IE<9 (fixes #6750)
  Update composer.json
  [Form] Fixed TimeType not to render a "size" attribute in select tags
  [Form] Added test for "label" option to accept the value "0"
  Expanded fault-tolerance for unusual cookie dates
  Fix docblock type
  [Form] Fixed "label" option to accept the value "0"
  Added greek translation
  merged branch jfcixmedia/2.1 (PR #5838)
  added a note about a BC break for the path info of sub-request (closes #7138)
  [DomCrawler] lowered parsed protocol string (fixes #6986)
  [FrameworkBundle] Fix a BC for Hinclude global template
  [HttpKernel] fixed locale management when exiting sub-requests
  fixed HInclude renderer (closes #7113)
  Removed some leaking deprecation warning in the Form component
  [HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html

Conflicts:
	src/Symfony/Bundle/FrameworkBundle/composer.json
	src/Symfony/Component/Security/composer.json
fabpot added a commit to symfony/form that referenced this pull request Nov 25, 2013
fabpot added a commit to symfony/form that referenced this pull request Nov 25, 2013
fabpot added a commit to symfony/form that referenced this pull request May 23, 2014