From 8ad32f0ef56b13fb7930fea9dcface331f6ded22 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Tue, 10 Oct 2017 10:04:23 +0200 Subject: [PATCH 1/4] never match invalid IP addresses --- .../Component/HttpFoundation/IpUtils.php | 4 ++++ .../HttpFoundation/Tests/IpUtilsTest.php | 17 +++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php index dc6d3ec818a3..3bb33140f505 100644 --- a/src/Symfony/Component/HttpFoundation/IpUtils.php +++ b/src/Symfony/Component/HttpFoundation/IpUtils.php @@ -87,6 +87,10 @@ public static function checkIp4($requestIp, $ip) $netmask = 32; } + if (false === ip2long($address)) { + return self::$checkedIps[$cacheKey] = false; + } + return self::$checkedIps[$cacheKey] = 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask); } diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php index 297ee3d8d354..54cbb5c20672 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php @@ -82,4 +82,21 @@ public function testAnIpv6WithOptionDisabledIpv6() IpUtils::checkIp('2a01:198:603:0:396e:4789:8e99:890f', '2a01:198:603:0::/65'); } + + /** + * @dataProvider invalidIpAddressData + */ + public function testInvalidIpAddressesDoNotMatch($requestIp, $proxyIp) + { + $this->assertFalse(IpUtils::checkIp4($requestIp, $proxyIp)); + } + + public function invalidIpAddressData() + { + return array( + 'invalid proxy wildcard' => array('192.168.20.13', '*'), + 'invalid proxy missing netmask' => array('192.168.20.13', '0.0.0.0'), + 'invalid request IP with invalid proxy wildcard' => array('0.0.0.0', '*'), + ); + } } From c6ed0e4f86a0cda30f906237e7032ce978e40b70 Mon Sep 17 00:00:00 2001 
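Review bot: The new guard in `checkIp4()` rejects an unparseable `$address`, but the comparison line directly below it still formats `ip2long($requestIp)` unchecked. `sprintf('%032b', false)` renders as 32 zero bits, the same string `0.0.0.0` produces. If `$requestIp` is not already validated above the hunk (the function's opening lines are outside it), the guard should cover both operands, e.g. `if (false === ip2long($address) || false === ip2long($requestIp)) {`. The test names the second argument `$proxyIp`, so this check presumably backs trusted-proxy matching. A short comment such as `// ip2long() returns false for invalid input, which would otherwise compare as 0.0.0.0` would keep the reason for the guard visible.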
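Review bot: In `invalidIpAddressData()` only the third dataset (`'0.0.0.0'` against `'*'`) can fail without the new guard. The first two compare `192.168.20.13` with an all-zero bit string and return false either way, so they do not pin the fix. The label `'invalid proxy missing netmask'` is also misleading, because `0.0.0.0` parses successfully and is simply a non-matching address. Consider renaming that case and adding one where the malformed address carries a netmask, so the CIDR form is exercised through the guard as well (that branch of `checkIp4()` is outside the hunk).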
From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Thu, 12 Oct 2017 09:08:46 +0200 Subject: [PATCH 2/4] [Translation] minor: remove unused variable in test --- src/Symfony/Component/Translation/Tests/TranslatorTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Translation/Tests/TranslatorTest.php b/src/Symfony/Component/Translation/Tests/TranslatorTest.php index 960d8f4d3c54..6047cf7c3c83 100644 --- a/src/Symfony/Component/Translation/Tests/TranslatorTest.php +++ b/src/Symfony/Component/Translation/Tests/TranslatorTest.php @@ -25,7 +25,7 @@ class TranslatorTest extends TestCase */ public function testConstructorInvalidLocale($locale) { - $translator = new Translator($locale, new MessageSelector()); + new Translator($locale, new MessageSelector()); } /** From 345f2fc60e54f2429b6b862a9336edaaadd3a184 Mon Sep 17 00:00:00 2001 From: Artur Eshenbrener Date: Thu, 12 Oct 2017 14:28:41 +0300 Subject: [PATCH 3/4] [DI] Fix possible incorrect php-code when dumped strings contains newlines --- .../Component/DependencyInjection/Dumper/PhpDumper.php | 7 +++++++ .../DependencyInjection/Tests/Dumper/PhpDumperTest.php | 1 + .../DependencyInjection/Tests/Fixtures/php/services10.php | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php b/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php index 5a0f89c8b401..01d9ca7192d2 100644 --- a/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php +++ b/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php @@ -1574,6 +1574,13 @@ private function export($value) return $dirname; } + if (is_string($value) && false !== strpos($value, "\n")) { + $cleanParts = explode("\n", $value); + $cleanParts = array_map(function ($part) { return var_export($part, true); }, $cleanParts); + + return implode('."\n".', $cleanParts); + } + return var_export($value, true); } } 
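Review bot: The added branch in `export()` splits only on `"\n"`, so a carriage return is still written raw into the single-quoted literal that `var_export()` produces, and a value containing CRLF keeps the CR byte inside the exported part. If the motivation is that raw line breaks in the dumped file are altered by later processing (the commit title suggests this, the cause is not visible here), `"\r"` probably needs the same treatment. The branch also returns a bare concatenation expression, so any caller that embeds the result next to other operators relies on `.` precedence. A comment above the branch such as `// emit line breaks as "\n" escapes so the dumped source never contains a raw newline inside a literal` would record the intent. `export()` starts above the hunk, so its earlier branches are not covered by this note.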
diff --git a/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php b/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php index e238649361a3..57f8a47a907a 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php @@ -55,6 +55,7 @@ public function testDumpOptimizationString() 'optimize concatenation with empty string' => 'string1%empty_value%string2', 'optimize concatenation from the start' => '%empty_value%start', 'optimize concatenation at the end' => 'end%empty_value%', + 'new line' => "string with \nnew line", )); $container = new ContainerBuilder(); diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services10.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services10.php index a674eae8b49d..6538f0ae53df 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services10.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services10.php 
@@ -56,7 +56,7 @@ public function isFrozen() */ protected function getTestService() { - return $this->services['test'] = new \stdClass(array('only dot' => '.', 'concatenation as value' => '.\'\'.', 'concatenation from the start value' => '\'\'.', '.' => 'dot as a key', '.\'\'.' => 'concatenation as a key', '\'\'.' => 'concatenation from the start key', 'optimize concatenation' => 'string1-string2', 'optimize concatenation with empty string' => 'string1string2', 'optimize concatenation from the start' => 'start', 'optimize concatenation at the end' => 'end')); + return $this->services['test'] = new \stdClass(array('only dot' => '.', 'concatenation as value' => '.\'\'.', 'concatenation from the start value' => '\'\'.', '.' => 'dot as a key', '.\'\'.' => 'concatenation as a key', '\'\'.' => 'concatenation from the start key', 'optimize concatenation' => 'string1-string2', 'optimize concatenation with empty string' => 'string1string2', 'optimize concatenation from the start' => 'start', 'optimize concatenation at the end' => 'end', 'new line' => 'string with '."\n".'new line')); } /** From 9efb76572ae71d3bee17efeb39f0451760bf31db Mon Sep 17 00:00:00 2001 From: loru88 Date: Wed, 11 Oct 2017 16:39:25 +0200 Subject: [PATCH 4/4] [Validator] added magic method __isset() to File Constraint class --- src/Symfony/Component/Validator/Constraints/File.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/Symfony/Component/Validator/Constraints/File.php b/src/Symfony/Component/Validator/Constraints/File.php index 7756978b3521..54e7351562c9 100644 --- a/src/Symfony/Component/Validator/Constraints/File.php +++ b/src/Symfony/Component/Validator/Constraints/File.php @@ -88,6 +88,15 @@ public function __get($option) return parent::__get($option); } + public function __isset($option) + { + if ('maxSize' === $option) { + return true; + } + + return parent::__isset($option); + } + private function normalizeBinaryFormat($maxSize) { $sizeInt = (int) $maxSize;
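Review bot: `__isset('maxSize')` in `File` returns true unconditionally, so `isset($constraint->maxSize)` reports the option as present even when no size limit was configured, whereas PHP's own `isset()` is false for a null value. What `__get('maxSize')` returns in that case is outside the hunk. If it can be null, tying the answer to the value keeps the two magic methods consistent, e.g. `return null !== $this->__get('maxSize');`. If the constant `true` is intentional, a docblock should say so, for instance `/** maxSize is a virtual option served by __get(), so it is always reported as set. */`. For a constraint that limits upload size, code that branches on `isset()` should not be able to mistake "no limit configured" for "limit present".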