Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit 3d807c1

Browse filesBrowse files
committed
[Routing] Validate "namespace" (when using Psr4DirectoryLoader)
1 parent 31c4198 commit 3d807c1
Copy full SHA for 3d807c1

File tree

Expand file treeCollapse file tree

2 files changed

+34
-0
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+34
-0
lines changed

‎src/Symfony/Component/Routing/Loader/Psr4DirectoryLoader.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Routing/Loader/Psr4DirectoryLoader.php
+5Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
use Symfony\Component\Config\Loader\DirectoryAwareLoaderInterface;
1616
use Symfony\Component\Config\Loader\Loader;
1717
use Symfony\Component\Config\Resource\DirectoryResource;
18+
use Symfony\Component\Routing\Exception\InvalidArgumentException;
1819
use Symfony\Component\Routing\RouteCollection;
1920

2021
/**
@@ -43,6 +44,10 @@ public function load(mixed $resource, ?string $type = null): ?RouteCollection
4344
return new RouteCollection();
4445
}
4546

47+
if (!preg_match('/^(?:[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*+\\\)++$/', trim($resource['namespace'], '\\').'\\')) {
48+
throw new InvalidArgumentException(\sprintf('Namespace "%s" is not a valid PSR-4 prefix.', $resource['namespace']));
49+
}
50+
4651
return $this->loadFromDirectory($path, trim($resource['namespace'], '\\'));
4752
}
4853

‎src/Symfony/Component/Routing/Tests/Loader/Psr4DirectoryLoaderTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Routing/Tests/Loader/Psr4DirectoryLoaderTest.php
+29Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
use Symfony\Component\Config\FileLocator;
1616
use Symfony\Component\Config\Loader\DelegatingLoader;
1717
use Symfony\Component\Config\Loader\LoaderResolver;
18+
use Symfony\Component\Routing\Exception\InvalidArgumentException;
1819
use Symfony\Component\Routing\Loader\AttributeClassLoader;
1920
use Symfony\Component\Routing\Loader\Psr4DirectoryLoader;
2021
use Symfony\Component\Routing\Route;
@@ -90,6 +91,34 @@ public static function provideNamespacesThatNeedTrimming(): array
9091
];
9192
}
9293

94+
/**
95+
* @dataProvider provideInvalidPsr4Namespaces
96+
*/
97+
public function testInvalidPsr4Namespace(string $namespace, string $expectedExceptionMessage)
98+
{
99+
$this->expectException(InvalidArgumentException::class);
100+
$this->expectExceptionMessage($expectedExceptionMessage);
101+
102+
$this->getLoader()->load(
103+
['path' => 'Psr4Controllers', 'namespace' => $namespace],
104+
'attribute'
105+
);
106+
}
107+
108+
public static function provideInvalidPsr4Namespaces(): array
109+
{
110+
return [
111+
'slash instead of back-slash' => [
112+
'namespace' => 'App\Application/Controllers',
113+
'exceptionMessage' => 'Namespace "App\Application/Controllers" is not a valid PSR-4 prefix.',
114+
],
115+
'invalid namespace' => [
116+
'namespace' => 'App\Contro llers',
117+
'exceptionMessage' => 'Namespace "App\Contro llers" is not a valid PSR-4 prefix.',
118+
],
119+
];
120+
}
121+
93122
private function loadPsr4Controllers(): RouteCollection
94123
{
95124
return $this->getLoader()->load(

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.