PSR-6 cache issue with RecursiveContextualValidator.php #20685
Comments
javiereguiluz
changed the title
|
I think this is primarily an issue when This is a minimum testing file to illustrate the exception thrown (the test used here will not pass): <?php
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
class Parent20685
{
/**
* @Assert\Valid
*/
public $child20685A;
/**
* @Assert\Valid
*/
public $child20685B;
}
class Child20685A
{
/**
* @Assert\Valid
* @Assert\NotBlank
*/
public $name;
}
class Child20685B
{
/**
* @Assert\Valid
* @Assert\NotBlank
*/
public $name;
}
class Validator206858Test extends WebTestCase
{
public function test206858()
{
static::bootKernel();
$container = static::$kernel->getContainer();
$validator = $container->get('validator');
$parent = new Parent20685();
$childA = new Child20685A();
$childB = new Child20685B();
$childA->name = false;
$childB->name = 'fake';
$parent->child20685A = [$childA];
$parent->child20685B = [$childB];
$validator->validate($parent, null, ['Default']);
$this->assertEquals(1, 1);
}
}With the change I posted in the initial post, this test will pass fine without an error. The test also passes on sub 3.1.5 versions (3.0.* and below seem to have no problems with using |
|
Also - in actual program usage, with debug set to true in the second AppKernel parameter, this does not result in an exception being thrown, but without (debug set to false) it does, which seems odd. |
|
ping @dunglas I guess |
|
Looks good, thanks! |
This PR was squashed before being merged into the 3.1 branch (closes #20745). Discussion ---------- [Validator] add class name to the cache key | Q | A | ------------- | --- | Branch? | 3.1 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #20685 | License | MIT | Doc PR | Adding the class name to the cache key to avoid collision Commits ------- 1681fc9 [Validator] add class name to the cache key
In the RecursiveContextualValidator.php file, it makes the class metadata map, with propertyName as a key for the caching.
This has a bad bug when a key (property name) is re-used between nested class instances, such that the value of the key is included in the cache name - however, if multiple entities / nested object instances have the same key/value pairs, this causes a collision and gives an error about the class metadata map expecting an object, but a boolean being returned.
The other portion of this bug is that the value used as part of the cache key is not escaped in anyway, and it is very likely and possible that the value has 'illegal' cache key characters (parenthesis etc.).
This is not extensively tested, but seems to fix for our use case (adding something similar to this after line 563 in Symfony/Component/Validator/Validator/RecursiveContextualValidator.php):
Edit: This is with Symfony 3.1.5+ that seems to have introduced the issue
The text was updated successfully, but these errors were encountered: