Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Updated all the yaml loaders to get the file contents first.

This is to fix a potential security issue with the Yaml loader. Ability to load the file like we were will be removed soon anyway, so may as well change now.

http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
  • Loading branch information...
commit 4e2c0d4b1464e5ce46cc6f0cbca00be7ed7bbe97 1 parent cbbb729
@rikh42 authored
View
2  config/ConfigSettings.php
@@ -129,7 +129,7 @@ protected function loadResource($resource)
$configPath = $this->kernel->findResource($resource, 'config');
// Read in the content (file or string)
- $content = Yaml::parse($configPath);
+ $content = Yaml::parse(file_get_contents($configPath));
// bad data turns into an empty result
if ($content == null) {
View
2  form/FormBuilder.php
@@ -142,7 +142,7 @@ public function loadForm($resource)
$filename = $this->container->get('kernel')->findResource($resource, 'forms');
// Read in the content (file or string)
- $content = Yaml::parse($filename);
+ $content = Yaml::parse(file_get_contents($filename));
// bad data turns into an empty result
if ($content==null) {
View
2  routing/RouteCollection.php
@@ -137,7 +137,7 @@ public function loadFromResource($resourceName)
$filename = $kernel->findResource($resourceName, 'config');
// Load in the routes
- $content = Yaml::parse($filename);
+ $content = Yaml::parse(file_get_contents($filename));
if (($content == null) || (!is_array($content))) {
return $routes;
}
Please sign in to comment.
Something went wrong with that request. Please try again.