bug #20687 [FrameworkBundle] Forbid env parameters in routing configu…

…ration (nicolas-grekas)

This PR was merged into the 3.2 branch.

Discussion
----------

[FrameworkBundle] Forbid env parameters in routing configuration

| Q             | A
| ------------- | ---
| Branch?       | 3.2
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |  #20682
| License       | MIT
| Doc PR        | -

Commits
-------

a931002 [FrameworkBundle] Forbid env parameters in routing configuration

src/Symfony/Bundle/FrameworkBundle/Routing/Router.php

@@ -146,6 +146,10 @@ private function resolve($value)
                 return '%%';
             }
 
+            if (preg_match('/^env\(\w+\)$/', $match[1])) {
+                throw new RuntimeException(sprintf('Using "%%%s%%" is not allowed in routing configuration.', $match[1]));
+            }
+
             $resolved = $container->getParameter($match[1]);
 
             if (is_string($resolved) || is_numeric($resolved)) {

src/Symfony/Bundle/FrameworkBundle/Tests/Routing/RouterTest.php

@@ -131,6 +131,20 @@ public function testPatternPlaceholders()
         );
     }
 
+    /**
+     * @expectedException \Symfony\Component\DependencyInjection\Exception\RuntimeException
+     * @expectedExceptionMessage Using "%env(FOO)%" is not allowed in routing configuration.
+     */
+    public function testEnvPlaceholders()
+    {
+        $routes = new RouteCollection();
+
+        $routes->add('foo', new Route('/%env(FOO)%'));
+
+        $router = new Router($this->getServiceContainer($routes), 'foo');
+        $router->getRouteCollection();
+    }
+
     public function testHostPlaceholders()
     {
         $routes = new RouteCollection();