Updated symfony/http-foundation from 7.3.3 to 7.3.7
@@ -164,7 +164,7 @@ class BinaryFileResponse extends Response
|
||||
for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) {
|
||||
$char = mb_substr($filename, $i, 1, $encoding);
|
||||
|
||||
if ('%' === $char || \ord($char) < 32 || \ord($char) > 126) {
|
||||
if ('%' === $char || \ord($char[0]) < 32 || \ord($char[0]) > 126) {
|
||||
$filenameFallback .= '_';
|
||||
} else {
|
||||
$filenameFallback .= $char;
|
||||
|
||||
@@ -300,10 +300,21 @@ class Request
|
||||
$server['PATH_INFO'] = '';
|
||||
$server['REQUEST_METHOD'] = strtoupper($method);
|
||||
|
||||
if (($i = strcspn($uri, ':/?#')) && ':' === ($uri[$i] ?? null) && (strspn($uri, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-.') !== $i || strcspn($uri, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'))) {
|
||||
throw new BadRequestException('Invalid URI: Scheme is malformed.');
|
||||
}
|
||||
if (false === $components = parse_url(\strlen($uri) !== strcspn($uri, '?#') ? $uri : $uri.'#')) {
|
||||
throw new BadRequestException('Invalid URI.');
|
||||
}
|
||||
|
||||
$part = ($components['user'] ?? '').':'.($components['pass'] ?? '');
|
||||
|
||||
if (':' !== $part && \strlen($part) !== strcspn($part, '[]')) {
|
||||
throw new BadRequestException('Invalid URI: Userinfo is malformed.');
|
||||
}
|
||||
if (($part = $components['host'] ?? '') && !self::isHostValid($part)) {
|
||||
throw new BadRequestException('Invalid URI: Host is malformed.');
|
||||
}
|
||||
if (false !== ($i = strpos($uri, '\\')) && $i < strcspn($uri, '?#')) {
|
||||
throw new BadRequestException('Invalid URI: A URI cannot contain a backslash.');
|
||||
}
|
||||
@@ -1091,10 +1102,8 @@ class Request
|
||||
// host is lowercase as per RFC 952/2181
|
||||
$host = strtolower(preg_replace('/:\d+$/', '', trim($host)));
|
||||
|
||||
// as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
|
||||
// check that it does not contain forbidden characters (see RFC 952 and RFC 2181)
|
||||
// use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
|
||||
if ($host && '' !== preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host)) {
|
||||
// the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
|
||||
if ($host && !self::isHostValid($host)) {
|
||||
if (!$this->isHostValid) {
|
||||
return '';
|
||||
}
|
||||
@@ -1236,15 +1245,22 @@ class Request
|
||||
static::initializeFormats();
|
||||
}
|
||||
|
||||
$exactFormat = null;
|
||||
$canonicalFormat = null;
|
||||
|
||||
foreach (static::$formats as $format => $mimeTypes) {
|
||||
if (\in_array($mimeType, (array) $mimeTypes, true)) {
|
||||
return $format;
|
||||
if (\in_array($mimeType, $mimeTypes, true)) {
|
||||
$exactFormat = $format;
|
||||
}
|
||||
if (null !== $canonicalMimeType && \in_array($canonicalMimeType, (array) $mimeTypes, true)) {
|
||||
return $format;
|
||||
if (null !== $canonicalMimeType && \in_array($canonicalMimeType, $mimeTypes, true)) {
|
||||
$canonicalFormat = $format;
|
||||
}
|
||||
}
|
||||
|
||||
if ($format = $exactFormat ?? $canonicalFormat) {
|
||||
return $format;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -1259,7 +1275,7 @@ class Request
|
||||
static::initializeFormats();
|
||||
}
|
||||
|
||||
static::$formats[$format] = \is_array($mimeTypes) ? $mimeTypes : [$mimeTypes];
|
||||
static::$formats[$format ?? ''] = (array) $mimeTypes;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1892,9 +1908,8 @@ class Request
|
||||
}
|
||||
|
||||
$pathInfo = substr($requestUri, \strlen($baseUrl));
|
||||
if ('' === $pathInfo) {
|
||||
// If substr() returns false then PATH_INFO is set to an empty string
|
||||
return '/';
|
||||
if ('' === $pathInfo || '/' !== $pathInfo[0]) {
|
||||
return '/'.$pathInfo;
|
||||
}
|
||||
|
||||
return $pathInfo;
|
||||
@@ -2101,4 +2116,21 @@ class Request
|
||||
|
||||
return $this->isIisRewrite;
|
||||
}
|
||||
|
||||
/**
|
||||
* See https://url.spec.whatwg.org/.
|
||||
*/
|
||||
private static function isHostValid(string $host): bool
|
||||
{
|
||||
if ('[' === $host[0]) {
|
||||
return ']' === $host[-1] && filter_var(substr($host, 1, -1), \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6);
|
||||
}
|
||||
|
||||
if (preg_match('/\.[0-9]++\.?$/D', $host)) {
|
||||
return null !== filter_var($host, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4 | \FILTER_NULL_ON_FAILURE);
|
||||
}
|
||||
|
||||
// use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
|
||||
return '' === preg_replace('/[-a-zA-Z0-9_]++\.?/', '', $host);
|
||||
}
|
||||
}
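Review bot: `isHostValid()` reads `$host[0]` and `$host[-1]` without checking for an empty string, so it depends on every caller filtering `''` first. The two call sites visible on this page do that through a truthiness test (`($part = $components['host'] ?? '') && …` and `$host && …`), but nothing on the method states it, and the docblock only links the URL spec. I would add a line such as `* @param string $host Non-empty host with the port already removed`, or make the method total with `if ('' === $host) { return false; }` as its first statement. The in-code comment notes the host can come from the user, so an explicit contract is worth having before another caller is added. If this file is a vendored copy of the library, the change belongs upstream rather than in this tree.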
|
||||
|
||||
@@ -159,7 +159,7 @@ class ResponseHeaderBag extends HeaderBag
|
||||
|
||||
public function setCookie(Cookie $cookie): void
|
||||
{
|
||||
$this->cookies[$cookie->getDomain()][$cookie->getPath()][$cookie->getName()] = $cookie;
|
||||
$this->cookies[$cookie->getDomain() ?? ''][$cookie->getPath()][$cookie->getName()] = $cookie;
|
||||
$this->headerNames['set-cookie'] = 'Set-Cookie';
|
||||
}
|
||||
|
||||
@@ -170,13 +170,13 @@ class ResponseHeaderBag extends HeaderBag
|
||||
{
|
||||
$path ??= '/';
|
||||
|
||||
unset($this->cookies[$domain][$path][$name]);
|
||||
unset($this->cookies[$domain ?? ''][$path][$name]);
|
||||
|
||||
if (empty($this->cookies[$domain][$path])) {
|
||||
unset($this->cookies[$domain][$path]);
|
||||
if (empty($this->cookies[$domain ?? ''][$path])) {
|
||||
unset($this->cookies[$domain ?? ''][$path]);
|
||||
|
||||
if (empty($this->cookies[$domain])) {
|
||||
unset($this->cookies[$domain]);
|
||||
if (empty($this->cookies[$domain ?? ''])) {
|
||||
unset($this->cookies[$domain ?? '']);
|
||||
}
|
||||
}
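Review bot: In the second hunk `$domain ?? ''` is repeated in all five cookie-array accesses, while the line just above normalises the sibling argument once with `$path ??= '/';`. Normalising the domain the same way, `$domain ??= '';` right after the `$path` line, would let the `unset()`/`empty()` calls keep the plain `$this->cookies[$domain]…` form. It also removes the chance that a later edit forgets one of the fallbacks and keys the array with null again. The method's signature and the end of its body are outside the hunk, so this assumes `$domain` is not used for anything else further down.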
|
||||
|
||||
|
||||
@@ -132,14 +132,12 @@ class ServerEvent implements \IteratorAggregate
|
||||
}
|
||||
yield $head;
|
||||
|
||||
if ($this->data) {
|
||||
if (is_iterable($this->data)) {
|
||||
foreach ($this->data as $data) {
|
||||
yield \sprintf('data: %s', $data)."\n";
|
||||
}
|
||||
} else {
|
||||
yield \sprintf('data: %s', $this->data)."\n";
|
||||
if (is_iterable($this->data)) {
|
||||
foreach ($this->data as $data) {
|
||||
yield \sprintf('data: %s', $data)."\n";
|
||||
}
|
||||
} elseif ('' !== $this->data) {
|
||||
yield \sprintf('data: %s', $this->data)."\n";
|
||||
}
|
||||
|
||||
yield "\n";
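Review bot: A string payload that contains a line break is still emitted as one `data:` line in the new `elseif ('' !== $this->data)` branch, and each element of the iterable branch likewise, so whatever follows the break reaches the client as a separate field line or ends the event early. If any part of the payload can come from a user, the payload can then alter the event framing. Splitting on line breaks keeps every line inside a `data:` field: `foreach (preg_split('/\r\n|\r|\n/', $this->data) as $line) { yield \sprintf('data: %s', $line)."\n"; }`. Where `$this->data` is assigned is not visible in this hunk, so it may already be constrained there; the enclosing method starts and ends outside the hunk.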
|
||||
|
||||
@@ -219,7 +219,7 @@ class PdoSessionHandler extends AbstractSessionHandler
|
||||
$table->addColumn($this->timeCol, Types::INTEGER)->setNotnull(true);
|
||||
break;
|
||||
case 'sqlsrv':
|
||||
$table->addColumn($this->idCol, Types::TEXT)->setLength(128)->setNotnull(true);
|
||||
$table->addColumn($this->idCol, Types::STRING)->setLength(128)->setNotnull(true);
|
||||
$table->addColumn($this->dataCol, Types::BLOB)->setNotnull(true);
|
||||
$table->addColumn($this->lifetimeCol, Types::INTEGER)->setUnsigned(true)->setNotnull(true);
|
||||
$table->addColumn($this->timeCol, Types::INTEGER)->setUnsigned(true)->setNotnull(true);
|
||||
|
||||