Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit a92ffff

Browse filesBrowse files
Merge branch '4.4' into 5.0
* 4.4: [HttpFoundation] Do not set the default Content-Type based on the Accept header [Security] Fix access_control behavior with unanimous decision strategy
2 parents 6b0ad43 + dca3434 commit a92ffff
Copy full SHA for a92ffff

File tree

Expand file treeCollapse file tree

8 files changed

+76
-16
lines changed
Filter options
Expand file treeCollapse file tree

8 files changed

+76
-16
lines changed

‎src/Symfony/Component/ErrorHandler/ErrorRenderer/SerializerErrorRenderer.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/ErrorHandler/ErrorRenderer/SerializerErrorRenderer.php
+8-1Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespace Symfony\Component\ErrorHandler\ErrorRenderer;
1313

1414
use Symfony\Component\ErrorHandler\Exception\FlattenException;
15+
use Symfony\Component\HttpFoundation\Request;
1516
use Symfony\Component\HttpFoundation\RequestStack;
1617
use Symfony\Component\Serializer\Exception\NotEncodableValueException;
1718
use Symfony\Component\Serializer\SerializerInterface;
@@ -30,6 +31,7 @@ class SerializerErrorRenderer implements ErrorRendererInterface
3031

3132
/**
3233
* @param string|callable(FlattenException) $format The format as a string or a callable that should return it
34+
* formats not supported by Request::getMimeTypes() should be given as mime types
3335
* @param bool|callable $debug The debugging mode as a boolean or a callable that should return it
3436
*/
3537
public function __construct(SerializerInterface $serializer, $format, ErrorRendererInterface $fallbackErrorRenderer = null, $debug = false)
@@ -57,11 +59,16 @@ public function render(\Throwable $exception): FlattenException
5759

5860
try {
5961
$format = \is_string($this->format) ? $this->format : ($this->format)($flattenException);
62+
$headers = [
63+
'Content-Type' => Request::getMimeTypes($format)[0] ?? $format,
64+
'Vary' => 'Accept',
65+
];
6066

6167
return $flattenException->setAsString($this->serializer->serialize($flattenException, $format, [
6268
'exception' => $exception,
6369
'debug' => \is_bool($this->debug) ? $this->debug : ($this->debug)($exception),
64-
]));
70+
]))
71+
->setHeaders($flattenException->getHeaders() + $headers);
6572
} catch (NotEncodableValueException $e) {
6673
return $this->fallbackErrorRenderer->render($exception);
6774
}

‎src/Symfony/Component/HttpFoundation/Request.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Request.php
+3-1Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1561,7 +1561,9 @@ public function isNoCache()
15611561
* Gets the preferred format for the response by inspecting, in the following order:
15621562
* * the request format set using setRequestFormat
15631563
* * the values of the Accept HTTP header
1564-
* * the content type of the body of the request.
1564+
*
1565+
* Note that if you use this method, you should send the "Vary: Accept" header
1566+
* in the response to prevent any issues with intermediary HTTP caches.
15651567
*/
15661568
public function getPreferredFormat(?string $default = 'html'): ?string
15671569
{

‎src/Symfony/Component/HttpFoundation/Response.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Response.php
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -266,7 +266,7 @@ public function prepare(Request $request)
266266
} else {
267267
// Content-type based on the Request
268268
if (!$headers->has('Content-Type')) {
269-
$format = $request->getPreferredFormat(null);
269+
$format = $request->getRequestFormat(null);
270270
if (null !== $format && $mimeType = $request->getMimeType($format)) {
271271
$headers->set('Content-Type', $mimeType);
272272
}

‎src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
+14-1Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -497,12 +497,25 @@ public function testPrepareDoesNothingIfRequestFormatIsNotDefined()
497497
$this->assertEquals('text/html; charset=UTF-8', $response->headers->get('content-type'));
498498
}
499499

500+
/**
501+
* Same URL cannot produce different Content-Type based on the value of the Accept header,
502+
* unless explicitly stated in the response object.
503+
*/
504+
public function testPrepareDoesNotSetContentTypeBasedOnRequestAcceptHeader()
505+
{
506+
$response = new Response('foo');
507+
$request = Request::create('/');
508+
$request->headers->set('Accept', 'application/json');
509+
$response->prepare($request);
510+
511+
$this->assertSame('text/html; charset=UTF-8', $response->headers->get('content-type'));
512+
}
513+
500514
public function testPrepareSetContentType()
501515
{
502516
$response = new Response('foo');
503517
$request = Request::create('/');
504518
$request->setRequestFormat('json');
505-
$request->headers->remove('accept');
506519

507520
$response->prepare($request);
508521

‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
+7-2Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -54,11 +54,16 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA
5454
}
5555

5656
/**
57+
* @param bool $allowMultipleAttributes Whether to allow passing multiple values to the $attributes array
58+
*
5759
* {@inheritdoc}
5860
*/
59-
public function decide(TokenInterface $token, array $attributes, $object = null)
61+
public function decide(TokenInterface $token, array $attributes, $object = null/*, bool $allowMultipleAttributes = false*/)
6062
{
61-
if (\count($attributes) > 1) {
63+
$allowMultipleAttributes = 3 < func_num_args() && func_get_arg(3);
64+
65+
// Special case for AccessListener, do not remove the right side of the condition before 6.0
66+
if (\count($attributes) > 1 && !$allowMultipleAttributes) {
6267
throw new InvalidArgumentException(sprintf('Passing more than one Security attribute to "%s()" is not supported.', __METHOD__));
6368
}
6469

‎src/Symfony/Component/Security/Http/Firewall/AccessListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+1-9Lines changed: 1 addition & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -85,15 +85,7 @@ public function authenticate(RequestEvent $event)
8585
$this->tokenStorage->setToken($token);
8686
}
8787

88-
$granted = false;
89-
foreach ($attributes as $key => $value) {
90-
if ($this->accessDecisionManager->decide($token, [$key => $value], $request)) {
91-
$granted = true;
92-
break;
93-
}
94-
}
95-
96-
if (!$granted) {
88+
if (!$this->accessDecisionManager->decide($token, $attributes, $request, true)) {
9789
$exception = new AccessDeniedException();
9890
$exception->setAttributes($attributes);
9991
$exception->setSubject($request);

‎src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+41Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616
use Symfony\Component\HttpKernel\Event\RequestEvent;
1717
use Symfony\Component\HttpKernel\HttpKernelInterface;
1818
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
19+
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
1920
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
2021
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
2122
use Symfony\Component\Security\Http\AccessMapInterface;
@@ -227,4 +228,44 @@ public function testHandleWhenTheSecurityTokenStorageHasNoToken()
227228

228229
$listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MASTER_REQUEST));
229230
}
231+
232+
public function testHandleMWithultipleAttributesShouldBeHandledAsAnd()
233+
{
234+
$request = new Request();
235+
236+
$accessMap = $this->getMockBuilder('Symfony\Component\Security\Http\AccessMapInterface')->getMock();
237+
$accessMap
238+
->expects($this->any())
239+
->method('getPatterns')
240+
->with($this->equalTo($request))
241+
->willReturn([['foo' => 'bar', 'bar' => 'baz'], null])
242+
;
243+
244+
$authenticatedToken = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
245+
$authenticatedToken
246+
->expects($this->any())
247+
->method('isAuthenticated')
248+
->willReturn(true)
249+
;
250+
251+
$tokenStorage = new TokenStorage();
252+
$tokenStorage->setToken($authenticatedToken);
253+
254+
$accessDecisionManager = $this->getMockBuilder('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')->getMock();
255+
$accessDecisionManager
256+
->expects($this->once())
257+
->method('decide')
258+
->with($this->equalTo($authenticatedToken), $this->equalTo(['foo' => 'bar', 'bar' => 'baz']), $this->equalTo($request), true)
259+
->willReturn(true)
260+
;
261+
262+
$listener = new AccessListener(
263+
$tokenStorage,
264+
$accessDecisionManager,
265+
$accessMap,
266+
$this->createMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')
267+
);
268+
269+
$listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MASTER_REQUEST));
270+
}
230271
}

‎src/Symfony/Component/Security/Http/composer.json

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/composer.json
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
],
1818
"require": {
1919
"php": "^7.2.5",
20-
"symfony/security-core": "^4.4|^5.0",
20+
"symfony/security-core": "^4.4.7|^5.0.7",
2121
"symfony/http-foundation": "^4.4.7|^5.0.7",
2222
"symfony/http-kernel": "^4.4|^5.0",
2323
"symfony/property-access": "^4.4|^5.0"

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.