Commit b65e6f1

security #cve-2018-19789 [Form] Filter file uploads out of regular form types (nicolas-grekas)
This PR was merged into the 2.7 branch. Discussion ---------- [Form] Filter file uploads out of regular form types | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - This PR filters uploaded files out of the data processed by any form type except `FileType`. Commits ------- 205a44e [Form] Filter file uploads out of regular form types
2 parents cb8302c + 205a44e commit b65e6f1

4 files changed

+27
-1
lines changed

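--- a/src/Symfony/Component/Form/Extension/Core/Type/FileType.php
+++ b/src/Symfony/Component/Form/Extension/Core/Type/FileType.php
@@ -105,6 +105,7 @@ public function configureOptions(OptionsResolver $resolver)
 'data_class' => $dataClass,
 'empty_data' => $emptyData,
 'multiple' => false,
+'allow_file_upload' => true,
 ));
 }
 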

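--- a/src/Symfony/Component/Form/Extension/Core/Type/FormType.php
+++ b/src/Symfony/Component/Form/Extension/Core/Type/FormType.php
@@ -213,6 +213,7 @@ public function configureOptions(OptionsResolver $resolver)
 'attr' => $defaultAttr,
 'post_max_size_message' => 'The uploaded file was too large. Please try to upload a smaller file.',
 'upload_max_size_message' => $uploadMaxSizeMessage, // internal
+'allow_file_upload' => false,
 ));
 
 $resolver->setAllowedTypes('label_attr', 'array');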
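Review bot: The new `'allow_file_upload' => false` default has no accompanying `setAllowedTypes()` call, unlike `label_attr` on the last line of the hunk, so a misconfigured type could pass a string or int that `Form::submit()` then evaluates truthily (a non-empty string such as `'false'` would silently enable uploads for that field). Add `$resolver->setAllowedTypes('allow_file_upload', 'bool');` alongside the existing `setAllowedTypes` calls. A one-line comment on the option would also help the next maintainer, e.g. `// only FileType (and types that explicitly opt in) may receive uploaded files; Form::submit() rejects them otherwise`. `configureOptions()` continues outside the hunk.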

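--- a/src/Symfony/Component/Form/Form.php
+++ b/src/Symfony/Component/Form/Form.php
@@ -541,6 +541,11 @@ public function submit($submittedData, $clearMissing = true)
 $submittedData = null;
 } elseif (is_scalar($submittedData)) {
 $submittedData = (string) $submittedData;
+} elseif ($this->config->getOption('allow_file_upload')) {
+// no-op
+} elseif ($this->config->getRequestHandler()->isFileUpload($submittedData)) {
+$submittedData = null;
+$this->transformationFailure = new TransformationFailedException('Submitted data was expected to be text or number, file upload given.');
 }
 
 $dispatcher = $this->config->getEventDispatcher();
@@ -550,6 +555,10 @@ public function submit($submittedData, $clearMissing = true)
 $viewData = null;
 
 try {
+if (null !== $this->transformationFailure) {
+throw $this->transformationFailure;
+}
+
 // Hook to change content of the data submitted by the browser
 if ($dispatcher->hasListeners(FormEvents::PRE_SUBMIT)) {
 $event = new FormEvent($this, $submittedData);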
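Review bot: The new guard in the first hunk only inspects the top-level submitted value, so a non-compound field that legitimately accepts an array (a `multiple` ChoiceType, for instance) can still receive `UploadedFile` elements inside that array and hand them to the PRE_SUBMIT listeners and transformers, unless `isFileUpload()` (not visible here) also recognises arrays of uploads; that is worth confirming, or closing with an explicit `is_array()` walk for non-compound types. Compound forms presumably stay covered because each child runs this same check in its own `submit()`. As a point of style, the `// no-op` branch can fold into the next one as `} elseif (!$this->config->getOption('allow_file_upload') && $this->config->getRequestHandler()->isFileUpload($submittedData)) {`, which reads as the single condition it is. The enclosing `submit()` starts and ends outside these hunks.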

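--- a/src/Symfony/Component/Form/Tests/CompoundFormTest.php
+++ b/src/Symfony/Component/Form/Tests/CompoundFormTest.php
@@ -712,7 +712,7 @@ public function testSubmitPostOrPutRequestWithSingleChildForm($method)
 'REQUEST_METHOD' => $method,
 ));
 
-$form = $this->getBuilder('image')
+$form = $this->getBuilder('image', null, null, array('allow_file_upload' => true))
 ->setMethod($method)
 ->setRequestHandler(new HttpFoundationRequestHandler())
 ->getForm();
@@ -1088,6 +1088,21 @@ public function testDisabledButtonIsNotSubmitted()
 $this->assertFalse($submit->isSubmitted());
 }
 
+public function testFileUpload()
+{
+$reqHandler = new HttpFoundationRequestHandler();
+$this->form->add($this->getBuilder('foo')->setRequestHandler($reqHandler)->getForm());
+$this->form->add($this->getBuilder('bar')->setRequestHandler($reqHandler)->getForm());
+
+$this->form->submit(array(
+'foo' => 'Foo',
+'bar' => new UploadedFile(__FILE__, 'upload.png', 'image/png', 123, UPLOAD_ERR_OK),
+));
+
+$this->assertSame('Submitted data was expected to be text or number, file upload given.', $this->form->get('bar')->getTransformationFailure()->getMessage());
+$this->assertNull($this->form->get('bar')->getData());
+}
+
 protected function createForm()
 {
 return $this->getBuilder()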
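Review bot: `testFileUpload()` only exercises `HttpFoundationRequestHandler`, so the other request-handler implementation's `isFileUpload()` branch (the native handler, if this branch has one, where an upload arrives as a `$_FILES`-style array rather than an `UploadedFile` object) gets no coverage and a regression there would pass CI. Consider making this a data-provided test that runs each request handler with its own upload representation, or adding a sibling test for the native handler. It would also be worth adding `$this->assertSame('Foo', $this->form->get('foo')->getData());` so the test demonstrates that the rejection is per-field and does not discard the sibling's value. The test class continues outside the hunk.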
