Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit be11681

Browse filesBrowse files
xabbuhxabbuh
committed
deprecate finding deep items in request parameters
1 parent 00dffe7 commit be11681
Copy full SHA for be11681

14 files changed

+156
-17
lines changed

‎src/Symfony/Component/HttpFoundation/CHANGELOG.md

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/CHANGELOG.md
+6Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,12 @@
11
CHANGELOG
22
=========
33

4+
2.8.0
5+
-----
6+
7+
* Finding deep items in `ParameterBag::get()` is deprecated since version 2.8 and
8+
will be removed in 3.0.
9+
410
2.6.0
511
-----
612

‎src/Symfony/Component/HttpFoundation/ParameterBag.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/ParameterBag.php
+6Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,8 @@ public function add(array $parameters = array())
7878
/**
7979
* Returns a parameter by name.
8080
*
81+
* Note: Finding deep items is deprecated since version 2.8, to be removed in 3.0.
82+
*
8183
* @param string $path The key
8284
* @param mixed $default The default value if the parameter key does not exist
8385
* @param bool $deep If true, a path like foo[bar] will find deeper items
@@ -88,6 +90,10 @@ public function add(array $parameters = array())
8890
*/
8991
public function get($path, $default = null, $deep = false)
9092
{
93+
if (true === $deep) {
94+
@trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.8 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);
95+
}
96+
9197
if (!$deep || false === $pos = strpos($path, '[')) {
9298
return array_key_exists($path, $this->parameters) ? $this->parameters[$path] : $default;
9399
}

‎src/Symfony/Component/HttpFoundation/Request.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Request.php
+6Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -714,6 +714,8 @@ public static function getHttpMethodParameterOverride()
714714
* It is better to explicitly get request parameters from the appropriate
715715
* public property instead (query, attributes, request).
716716
*
717+
* Note: Finding deep items is deprecated since version 2.8, to be removed in 3.0.
718+
*
717719
* @param string $key the key
718720
* @param mixed $default the default value
719721
* @param bool $deep is parameter deep in multidimensional array
@@ -722,6 +724,10 @@ public static function getHttpMethodParameterOverride()
722724
*/
723725
public function get($key, $default = null, $deep = false)
724726
{
727+
if (true === $deep) {
728+
@trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.8 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);
729+
}
730+
725731
if ($this !== $result = $this->query->get($key, $this, $deep)) {
726732
return $result;
727733
}

‎src/Symfony/Component/HttpFoundation/Tests/ParameterBagTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/ParameterBagTest.php
+4Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,7 @@ public function testGetDoesNotUseDeepByDefault()
8686
}
8787

8888
/**
89+
* @group legacy
8990
* @dataProvider getInvalidPaths
9091
* @expectedException \InvalidArgumentException
9192
*/
@@ -106,6 +107,9 @@ public function getInvalidPaths()
106107
);
107108
}
108109

110+
/**
111+
* @group legacy
112+
*/
109113
public function testGetDeep()
110114
{
111115
$bag = new ParameterBag(array('foo' => array('bar' => array('moo' => 'boo'))));

‎src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717
use Symfony\Component\Security\Core\Exception\AuthenticationException;
1818
use Symfony\Component\Security\Core\Security;
1919
use Symfony\Component\Security\Http\HttpUtils;
20+
use Symfony\Component\Security\Http\ParameterBagUtils;
2021

2122
/**
2223
* Class with the default authentication failure handling logic.
@@ -82,7 +83,7 @@ public function setOptions(array $options)
8283
*/
8384
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
8485
{
85-
if ($failureUrl = $request->get($this->options['failure_path_parameter'], null, true)) {
86+
if ($failureUrl = ParameterBagUtils::getRequestParameterValue($request, $this->options['failure_path_parameter'])) {
8687
$this->options['failure_path'] = $failureUrl;
8788
}
8889

‎src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@
1414
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
1515
use Symfony\Component\HttpFoundation\Request;
1616
use Symfony\Component\Security\Http\HttpUtils;
17+
use Symfony\Component\Security\Http\ParameterBagUtils;
1718

1819
/**
1920
* Class with the default authentication success handling logic.
@@ -108,7 +109,7 @@ protected function determineTargetUrl(Request $request)
108109
return $this->options['default_target_path'];
109110
}
110111

111-
if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) {
112+
if ($targetUrl = ParameterBagUtils::getRequestParameterValue($request, $this->options['target_path_parameter'])) {
112113
return $targetUrl;
113114
}
114115

‎src/Symfony/Component/Security/Http/Firewall/LogoutListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
use Symfony\Component\Security\Http\HttpUtils;
2525
use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
2626
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
27+
use Symfony\Component\Security\Http\ParameterBagUtils;
2728

2829
/**
2930
* LogoutListener logout users.
@@ -98,7 +99,7 @@ public function handle(GetResponseEvent $event)
9899
}
99100

100101
if (null !== $this->csrfTokenManager) {
101-
$csrfToken = $request->get($this->options['csrf_parameter'], null, true);
102+
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
102103

103104
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
104105
throw new LogoutException('Invalid CSRF token.');

‎src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
+6-5Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
2727
use Symfony\Component\Security\Core\Security;
2828
use Symfony\Component\Security\Http\HttpUtils;
29+
use Symfony\Component\Security\Http\ParameterBagUtils;
2930
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
3031
use Psr\Log\LoggerInterface;
3132

@@ -101,19 +102,19 @@ protected function requiresAuthentication(Request $request)
101102
protected function attemptAuthentication(Request $request)
102103
{
103104
if (null !== $this->csrfTokenManager) {
104-
$csrfToken = $request->get($this->options['csrf_parameter'], null, true);
105+
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
105106

106107
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
107108
throw new InvalidCsrfTokenException('Invalid CSRF token.');
108109
}
109110
}
110111

111112
if ($this->options['post_only']) {
112-
$username = trim($request->request->get($this->options['username_parameter'], null, true));
113-
$password = $request->request->get($this->options['password_parameter'], null, true);
113+
$username = trim(ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']));
114+
$password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
114115
} else {
115-
$username = trim($request->get($this->options['username_parameter'], null, true));
116-
$password = $request->get($this->options['password_parameter'], null, true);
116+
$username = trim(ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']));
117+
$password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
117118
}
118119

119120
$request->getSession()->set(Security::LAST_USERNAME, $username);

‎src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+6-5Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
2020
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
2121
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
22+
use Symfony\Component\Security\Http\ParameterBagUtils;
2223
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
2324
use Symfony\Component\Security\Http\HttpUtils;
2425
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
@@ -76,19 +77,19 @@ protected function requiresAuthentication(Request $request)
7677
protected function attemptAuthentication(Request $request)
7778
{
7879
if (null !== $this->csrfTokenManager) {
79-
$csrfToken = $request->get($this->options['csrf_parameter'], null, true);
80+
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
8081

8182
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
8283
throw new InvalidCsrfTokenException('Invalid CSRF token.');
8384
}
8485
}
8586

8687
if ($this->options['post_only']) {
87-
$username = trim($request->request->get($this->options['username_parameter'], null, true));
88-
$password = $request->request->get($this->options['password_parameter'], null, true);
88+
$username = trim(ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']));
89+
$password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
8990
} else {
90-
$username = trim($request->get($this->options['username_parameter'], null, true));
91-
$password = $request->get($this->options['password_parameter'], null, true);
91+
$username = trim(ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']));
92+
$password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
9293
}
9394

9495
$request->getSession()->set(Security::LAST_USERNAME, $username);

‎src/Symfony/Component/Security/Http/ParameterBagUtils.php

Copy file name to clipboard
+83Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\Security\Http;
13+
14+
use Symfony\Component\HttpFoundation\ParameterBag;
15+
use Symfony\Component\HttpFoundation\Request;
16+
use Symfony\Component\PropertyAccess\PropertyAccess;
17+
18+
/**
19+
* @internal
20+
*/
21+
final class ParameterBagUtils
22+
{
23+
private static $propertyAccessor;
24+
25+
/**
26+
* Returns a "parameter" value.
27+
*
28+
* Paths like foo[bar] will be evaluated to find deeper items in nested data structures.
29+
*
30+
* @param ParameterBag $parameters The parameter bag
31+
* @param string $path The key
32+
* @param mixed $default The default value if the parameter key does not exist
33+
*
34+
* @return mixed
35+
*/
36+
public static function getParameterBagValue(ParameterBag $parameters, $path, $default = null)
37+
{
38+
if (false === $pos = strpos($path, '[')) {
39+
return $parameters->get($path, $default);
40+
}
41+
42+
$root = substr($path, 0, $pos);
43+
44+
if (null === $value = $parameters->get($root)) {
45+
return $default;
46+
}
47+
48+
if (null === self::$propertyAccessor) {
49+
self::$propertyAccessor = PropertyAccess::createPropertyAccessor();
50+
}
51+
52+
return self::$propertyAccessor->getValue($value, substr($path, $pos));
53+
}
54+
55+
/**
56+
* Returns a request "parameter" value.
57+
*
58+
* Paths like foo[bar] will be evaluated to find deeper items in nested data structures.
59+
*
60+
* @param Request $request The request
61+
* @param string $path The key
62+
*
63+
* @return mixed
64+
*/
65+
public static function getRequestParameterValue(Request $request, $path)
66+
{
67+
if (false === $pos = strpos($path, '[')) {
68+
return $request->get($path);
69+
}
70+
71+
$root = substr($path, 0, $pos);
72+
73+
if (null === $value = $request->get($root)) {
74+
return;
75+
}
76+
77+
if (null === self::$propertyAccessor) {
78+
self::$propertyAccessor = PropertyAccess::createPropertyAccessor();
79+
}
80+
81+
return self::$propertyAccessor->getValue($value, substr($path, $pos));
82+
}
83+
}

‎src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@
2323
use Symfony\Component\HttpFoundation\Request;
2424
use Symfony\Component\HttpFoundation\Cookie;
2525
use Psr\Log\LoggerInterface;
26+
use Symfony\Component\Security\Http\ParameterBagUtils;
2627

2728
/**
2829
* Base class implementing the RememberMeServicesInterface.
@@ -319,7 +320,7 @@ protected function isRememberMeRequested(Request $request)
319320
return true;
320321
}
321322

322-
$parameter = $request->get($this->options['remember_me_parameter'], null, true);
323+
$parameter = ParameterBagUtils::getRequestParameterValue($request, $this->options['remember_me_parameter']);
323324

324325
if (null === $parameter && null !== $this->logger) {
325326
$this->logger->debug('Did not send remember-me cookie.', array('parameter' => $this->options['remember_me_parameter']));

‎src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php
+15-2Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -145,7 +145,7 @@ public function testFailurePathCanBeOverwritten()
145145
public function testFailurePathCanBeOverwrittenWithRequest()
146146
{
147147
$this->request->expects($this->once())
148-
->method('get')->with('_failure_path', null, true)
148+
->method('get')->with('_failure_path', null, false)
149149
->will($this->returnValue('/auth/login'));
150150

151151
$this->httpUtils->expects($this->once())
@@ -155,12 +155,25 @@ public function testFailurePathCanBeOverwrittenWithRequest()
155155
$handler->onAuthenticationFailure($this->request, $this->exception);
156156
}
157157

158+
public function testFailurePathCanBeOverwrittenWithNestedAttributeInRequest()
159+
{
160+
$this->request->expects($this->once())
161+
->method('get')->with('_failure_path', null, false)
162+
->will($this->returnValue(array('value' => '/auth/login')));
163+
164+
$this->httpUtils->expects($this->once())
165+
->method('createRedirectResponse')->with($this->request, '/auth/login');
166+
167+
$handler = new DefaultAuthenticationFailureHandler($this->httpKernel, $this->httpUtils, array('failure_path_parameter' => '_failure_path[value]'), $this->logger);
168+
$handler->onAuthenticationFailure($this->request, $this->exception);
169+
}
170+
158171
public function testFailurePathParameterCanBeOverwritten()
159172
{
160173
$options = array('failure_path_parameter' => '_my_failure_path');
161174

162175
$this->request->expects($this->once())
163-
->method('get')->with('_my_failure_path', null, true)
176+
->method('get')->with('_my_failure_path', null, false)
164177
->will($this->returnValue('/auth/login'));
165178

166179
$this->httpUtils->expects($this->once())

‎src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
+14Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,20 @@ public function testTargetPathIsPassedWithRequest()
6868
$this->assertSame($response, $result);
6969
}
7070

71+
public function testTargetPathIsPassedAsNestedParameterWithRequest()
72+
{
73+
$this->request->expects($this->once())
74+
->method('get')->with('_target_path')
75+
->will($this->returnValue(array('value' => '/dashboard')));
76+
77+
$response = $this->expectRedirectResponse('/dashboard');
78+
79+
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, array('target_path_parameter' => '_target_path[value]'));
80+
$result = $handler->onAuthenticationSuccess($this->request, $this->token);
81+
82+
$this->assertSame($response, $result);
83+
}
84+
7185
public function testTargetPathParameterIsCustomised()
7286
{
7387
$options = array('target_path_parameter' => '_my_target_path');

‎src/Symfony/Component/Security/Http/composer.json

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/composer.json
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,8 @@
2020
"symfony/security-core": "~2.8",
2121
"symfony/event-dispatcher": "~2.1|~3.0.0",
2222
"symfony/http-foundation": "~2.4|~3.0.0",
23-
"symfony/http-kernel": "~2.4|~3.0.0"
23+
"symfony/http-kernel": "~2.4|~3.0.0",
24+
"symfony/property-access": "~2.3|~3.0.0"
2425
},
2526
"require-dev": {
2627
"symfony/phpunit-bridge": "~2.7|~3.0.0",

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.