[HttpKernel][FrameworkBundle] Fix escaping of serialized payloads pas…

…sed to test clients
symfony · Sep 4, 2018 · 2554554 · 2554554
1 parent 74b6689
commit 2554554
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 18 deletions.
diff --git a/src/Symfony/Bundle/FrameworkBundle/Client.php b/src/Symfony/Bundle/FrameworkBundle/Client.php
@@ -161,19 +161,19 @@ protected function doRequestInProcess($request)
      */
     protected function getScript($request)
     {
-        $kernel = str_replace("'", "\\'", serialize($this->kernel));
-        $request = str_replace("'", "\\'", serialize($request));
+        $kernel = var_export(serialize($this->kernel), true);
+        $request = var_export(serialize($request), true);
 
         $r = new \ReflectionObject($this->kernel);
 
         $autoloader = \dirname($r->getFileName()).'/autoload.php';
         if (is_file($autoloader)) {
-            $autoloader = str_replace("'", "\\'", $autoloader);
+            $autoloader = var_export($autoloader, true);
         } else {
-            $autoloader = '';
+            $autoloader = 'false';
         }
 
-        $path = str_replace("'", "\\'", $r->getFileName());
+        $path = var_export($r->getFileName(), true);
 
         $profilerCode = '';
         if ($this->profiler) {
@@ -187,16 +187,16 @@ protected function getScript($request)
 
 error_reporting($errorReporting);
 
-if ('$autoloader') {
-    require_once '$autoloader';
+if ($autoloader) {
+    require_once $autoloader;
 }
-require_once '$path';
+require_once $path;
 
-\$kernel = unserialize('$kernel');
+\$kernel = unserialize($kernel);
 \$kernel->boot();
 $profilerCode
 
-\$request = unserialize('$request');
+\$request = unserialize($request);
 EOF;
 
         return $code.$this->getHandleScript();

diff --git a/src/Symfony/Component/HttpKernel/Client.php b/src/Symfony/Component/HttpKernel/Client.php
@@ -71,27 +71,27 @@ protected function doRequest($request)
      */
     protected function getScript($request)
     {
-        $kernel = str_replace("'", "\\'", serialize($this->kernel));
-        $request = str_replace("'", "\\'", serialize($request));
+        $kernel = var_export(serialize($this->kernel), true);
+        $request = var_export(serialize($request), true);
 
         $r = new \ReflectionClass('\\Symfony\\Component\\ClassLoader\\ClassLoader');
-        $requirePath = str_replace("'", "\\'", $r->getFileName());
-        $symfonyPath = str_replace("'", "\\'", \dirname(\dirname(\dirname(__DIR__))));
+        $requirePath = var_export($r->getFileName(), true);
+        $symfonyPath = var_export(\dirname(\dirname(\dirname(__DIR__))), true);
         $errorReporting = error_reporting();
 
         $code = <<<EOF
 <?php
 
 error_reporting($errorReporting);
 
-require_once '$requirePath';
+require_once $requirePath;
 
 \$loader = new Symfony\Component\ClassLoader\ClassLoader();
-\$loader->addPrefix('Symfony', '$symfonyPath');
+\$loader->addPrefix('Symfony', $symfonyPath);
 \$loader->register();
 
-\$kernel = unserialize('$kernel');
-\$request = unserialize('$request');
+\$kernel = unserialize($kernel);
+\$request = unserialize($request);
 EOF;
 
         return $code.$this->getHandleScript();