Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

[2.3] [HttpFoundation] UploadedFile - moved a security check from move() to isValid() #6802

Closed
wants to merge 2 commits into
from

Conversation

Projects
None yet
3 participants
Contributor

bamarni commented Jan 18, 2013

Q A
Bug fix? [yes]
New feature? [no]
BC breaks? [yes slightly]
Deprecations? [no]
Tests pass? [yes]
License MIT

Fixed and reopened against 2.0 as per @vicb comments in #6779.

Contributor

vicb commented Jan 18, 2013

Does getTargetFile exist in 2.0 ?

Contributor

bamarni commented Jan 18, 2013

Yes it exists in File and it was already there, I haven't changed this part of the code, only removed an elseif.

Contributor

vicb commented Jan 18, 2013

You're right, my bad ! I'd better go on week-end right now I think !

@fabpot fabpot commented on the diff Feb 27, 2013

...ymfony/Component/HttpFoundation/File/UploadedFile.php
*
* @api
*/
public function isValid()
{
- return $this->error === UPLOAD_ERR_OK;
+ $isOk = $this->error === UPLOAD_ERR_OK;
+
+ return $this->test ? $isOk : $isOk && is_uploaded_file($this->getPathname());
@fabpot

fabpot Feb 27, 2013

Owner

In case of a test, the behavior is not as before. This is definitely a BC break.

Owner

fabpot commented Feb 27, 2013

As there is a BC break, it must go into master.

@bamarni bamarni referenced this pull request Feb 27, 2013

Merged

[2.3] moved a security check in HttpUploadedFile #7201

1 of 1 task complete
Contributor

bamarni commented Feb 27, 2013

I've merged this out into master and submitted a new PR, see #7201

@bamarni bamarni closed this Mar 11, 2013

@bamarni bamarni deleted the unknown repository branch Mar 11, 2013

@fabpot fabpot added a commit that referenced this pull request Mar 23, 2013

@fabpot fabpot merged branch bamarni/http-uploaded-file (PR #7201)
This PR was merged into the master branch.

Discussion
----------

[2.3] moved a security check in HttpUploadedFile

closes #6802

- [x] fix the testsuite, I've only run the component suite, but it needs to be updated in other places too (according to travis)

Commits
-------

5bb44f5 [HttpFoundation] UploadedFile - moved a security check
2b4cfbd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment