[SECURITY][TASK] Remove support for native PHP yaml extension

Resolves: #85424 Releases: master, 8.7 Security-Commit: d1df0ce67ff83d75a3d4878b2f9cb315c4c23bc1 Security-Bulletin: TYPO3-CORE-SA-2018-004 Change-Id: I56b1c9c91018053cd7bd16b8de297425b7765d1e Reviewed-on: https://review.typo3.org/57549 Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>
TYPO3 · Jul 12, 2018 · c76d46f · c76d46f
1 parent bca913e
commit c76d46f
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 56 deletions.
diff --git a/typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php b/typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php
@@ -37,31 +37,11 @@
  */
 class YamlSource
 {
-    /**
-     * Will be set if the PHP YAML Extension is installed.
-     * Having this installed massively improves YAML parsing performance.
-     *
-     * @var bool
-     * @see http://pecl.php.net/package/yaml
-     */
-    protected $usePhpYamlExtension = false;
-
     /**
      * @var FilePersistenceSlot
      */
     protected $filePersistenceSlot;
 
-    /**
-     * Use PHP YAML Extension if installed.
-     * @internal
-     */
-    public function __construct()
-    {
-        if (extension_loaded('yaml')) {
-            $this->usePhpYamlExtension = true;
-        }
-    }
-
     /**
      * @param FilePersistenceSlot $filePersistenceSlot
      */
@@ -107,17 +87,7 @@ public function load(array $filesToLoad): array
             }
 
             try {
-                if ($this->usePhpYamlExtension) {
-                    $loadedConfiguration = @yaml_parse($rawYamlContent);
-                    if ($loadedConfiguration === false) {
-                        throw new ParseErrorException(
-                            'A parse error occurred while parsing file "' . $fileIdentifier . '".',
-                            1391894094
-                        );
-                    }
-                } else {
-                    $loadedConfiguration = Yaml::parse($rawYamlContent);
-                }
+                $loadedConfiguration = Yaml::parse($rawYamlContent);
 
                 if (is_array($loadedConfiguration)) {
                     $configuration = array_replace_recursive($configuration, $loadedConfiguration);

diff --git a/typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php b/typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php
@@ -49,32 +49,8 @@ public function loadThrowsExceptionIfFileToLoadNotExists()
      */
     public function loadThrowsExceptionIfFileToLoadIsNotValidYamlUseSymfonyParser()
     {
-        if (!extension_loaded('yaml')) {
-            $this->expectException(ParseErrorException::class);
-            $this->expectExceptionCode(1480195405);
-
-            $mockYamlSource = $this->getAccessibleMock(YamlSource::class, [
-                'dummy',
-            ], [], '', false);
-
-            $input = [
-                'EXT:form/Tests/Unit/Mvc/Configuration/Fixtures/Invalid.yaml'
-            ];
-
-            $mockYamlSource->_call('load', $input);
-        }
-    }
-
-    /**
-     * @test
-     */
-    public function loadThrowsExceptionIfFileToLoadIsNotValidYamlUsePhpExtensionParser()
-    {
-        if (!extension_loaded('yaml')) {
-            $this->markTestSkipped('Yaml PHP extension not available, skipping.');
-        }
         $this->expectException(ParseErrorException::class);
-        $this->expectExceptionCode(1391894094);
+        $this->expectExceptionCode(1480195405);
 
         $mockYamlSource = $this->getAccessibleMock(YamlSource::class, [
             'dummy',