Commit f75f466

committed
merged branch stealth35/fix_distant_trans (PR symfony#2346)
Commits ------- ae0685a [Translation] Loader should only load local files Discussion ---------- [Translation] Security : Loader should only load local files Bug fix: no Feature addition: no Backwards compatibility break: no Symfony2 tests pass: yes Fixes the following tickets: - See: symfony#2327
2 parents 50c47aa + ae0685a commit f75f466


6 files changed

+42
-0
lines changed

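--- a/src/Symfony/Component/Translation/Loader/CsvFileLoader.php
+++ b/src/Symfony/Component/Translation/Loader/CsvFileLoader.php
@@ -35,6 +35,10 @@ public function load($resource, $locale, $domain = 'messages')
 {
 $messages = array();
 
+if (!stream_is_local($resource)) {
+throw new \InvalidArgumentException(sprintf('This is not a local file "%s".', $resource));
+}
+
 try {
 $file = new \SplFileObject($resource, 'rb');
 } catch(\RuntimeException $e) {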
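Review bot: The exception message on the added `throw` line interpolates `$resource` unchanged, so a rejected URL that carries userinfo (`scheme://user:password@host/...`) would be copied into exception logs and error pages; the same line is added in PhpFileLoader and XliffFileLoader. Reporting only the scheme, e.g. `sprintf('Resource scheme "%s" is not local.', parse_url($resource, PHP_URL_SCHEME))`, keeps the diagnostic without the secret. The commit also adds no `@throws \InvalidArgumentException` line to the three `load()` docblocks, which would be worth adding if it is not already there. `load()` begins and ends outside this hunk.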

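--- a/src/Symfony/Component/Translation/Loader/PhpFileLoader.php
+++ b/src/Symfony/Component/Translation/Loader/PhpFileLoader.php
@@ -29,6 +29,10 @@ class PhpFileLoader extends ArrayLoader implements LoaderInterface
 */
 public function load($resource, $locale, $domain = 'messages')
 {
+if (!stream_is_local($resource)) {
+throw new \InvalidArgumentException(sprintf('This is not a local file "%s".', $resource));
+}
+
 $messages = require($resource);
 
 $catalogue = parent::load($messages, $locale, $domain);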
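Review bot: `stream_is_local()` only rejects URL-type wrappers, so the guard before `require($resource)` stops remote inclusion but still lets any local path, and any wrapper PHP classifies as local, be executed as PHP. That limit deserves a comment above the guard, for example `// Blocks remote wrappers only; $resource is executed by require and must come from trusted configuration.` A missing file also still reaches `require` and ends in a fatal error rather than an exception, whereas the CsvFileLoader hunk wraps its open in a `catch(\RuntimeException $e)`; an `is_file($resource)` check that throws `\InvalidArgumentException` would give callers a catchable error here too. The method body continues past the end of the hunk.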

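--- a/src/Symfony/Component/Translation/Loader/XliffFileLoader.php
+++ b/src/Symfony/Component/Translation/Loader/XliffFileLoader.php
@@ -30,6 +30,10 @@ class XliffFileLoader implements LoaderInterface
 */
 public function load($resource, $locale, $domain = 'messages')
 {
+if (!stream_is_local($resource)) {
+throw new \InvalidArgumentException(sprintf('This is not a local file "%s".', $resource));
+}
+
 $xml = $this->parseFile($resource);
 $xml->registerXPathNamespace('xliff', 'urn:oasis:names:tc:xliff:document:1.2');
 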
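Review bot: The guard checks only the top-level `$resource`; whether `parseFile()` (defined outside this hunk) lets the XML parser fetch external entities or DTDs referenced from inside a local XLIFF file is not visible here. If it does, a local file could still pull in remote content, which is what this commit sets out to prevent. It is worth confirming that `parseFile()` loads the document with network access disabled (`LIBXML_NONET`) and recording that in a comment next to the guard.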

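--- a/tests/Symfony/Tests/Component/Translation/Loader/CsvFileLoaderTest.php
+++ b/tests/Symfony/Tests/Component/Translation/Loader/CsvFileLoaderTest.php
@@ -47,4 +47,14 @@ public function testLoadThrowsAnExceptionIfFileNotExists()
 $resource = __DIR__.'/../fixtures/not-exists.csv';
 $loader->load($resource, 'en', 'domain1');
 }
+
+/**
+* @expectedException \InvalidArgumentException
+*/
+public function testLoadThrowsAnExceptionIfFileNotLocal()
+{
+$loader = new CsvFileLoader();
+$resource = 'http://example.com/resources.csv';
+$loader->load($resource, 'en', 'domain1');
+}
 }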
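Review bot: `testLoadThrowsAnExceptionIfFileNotLocal` asserts only the exception class, so it would also pass if `load()` threw an `\InvalidArgumentException` for some other reason, such as a failure to open the resource; the same applies to the identical tests added in PhpFileLoaderTest and XliffFileLoaderTest. Adding `@expectedExceptionMessage This is not a local file` to the docblock pins the test to the new guard. Only `http://` is exercised, so a second case with another remote scheme such as `ftp://` would show the check is not tied to one wrapper.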

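--- a/tests/Symfony/Tests/Component/Translation/Loader/PhpFileLoaderTest.php
+++ b/tests/Symfony/Tests/Component/Translation/Loader/PhpFileLoaderTest.php
@@ -26,4 +26,14 @@ public function testLoad()
 $this->assertEquals('en', $catalogue->getLocale());
 $this->assertEquals(array(new FileResource($resource)), $catalogue->getResources());
 }
+
+/**
+* @expectedException \InvalidArgumentException
+*/
+public function testLoadThrowsAnExceptionIfFileNotLocal()
+{
+$loader = new PhpFileLoader();
+$resource = 'http://example.com/resources.php';
+$loader->load($resource, 'en', 'domain1');
+}
 }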

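--- a/tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php
+++ b/tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php
@@ -44,4 +44,14 @@ public function testLoadResourceDoesNotValidate()
 $loader = new XliffFileLoader();
 $catalogue = $loader->load(__DIR__.'/../fixtures/non-valid.xliff', 'en', 'domain1');
 }
+
+/**
+* @expectedException \InvalidArgumentException
+*/
+public function testLoadThrowsAnExceptionIfFileNotLocal()
+{
+$loader = new XliffFileLoader();
+$resource = 'http://example.com/resources.xliff';
+$loader->load($resource, 'en', 'domain1');
+}
 }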
