From f6ab2bffd8873530603350362b5a5baa8e371484 Mon Sep 17 00:00:00 2001
From: Oleg Zhulnev <plbsid@gmail.com>
Date: Tue, 1 Jun 2021 14:01:19 +0300
Subject: [PATCH 1/2] Do not allow to denormalize string with spaces to valid
 DateTime object

---
 .../Serializer/Normalizer/DateTimeNormalizer.php  |  2 +-
 .../Tests/Normalizer/DateTimeNormalizerTest.php   | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Serializer/Normalizer/DateTimeNormalizer.php b/src/Symfony/Component/Serializer/Normalizer/DateTimeNormalizer.php
index 8bdfc977efd5d..f48745031e8b7 100644
--- a/src/Symfony/Component/Serializer/Normalizer/DateTimeNormalizer.php
+++ b/src/Symfony/Component/Serializer/Normalizer/DateTimeNormalizer.php
@@ -97,7 +97,7 @@ public function denormalize($data, $type, $format = null, array $context = [])
         $dateTimeFormat = $context[self::FORMAT_KEY] ?? null;
         $timezone = $this->getTimezone($context);
 
-        if ('' === $data || null === $data) {
+        if (null === $data || (\is_string($data) && '' === trim($data))) {
             throw new NotNormalizableValueException('The data is either an empty string or null, you should pass a string that can be parsed with the passed format or a valid DateTime string.');
         }
 
diff --git a/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php b/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php
index 576d5eb03f105..43c6285f6c527 100644
--- a/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php
+++ b/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php
@@ -201,6 +201,7 @@ public function testDenormalize()
         $this->assertEquals(new \DateTimeImmutable('2016/01/01', new \DateTimeZone('UTC')), $this->normalizer->denormalize('2016-01-01T00:00:00+00:00', \DateTimeInterface::class));
         $this->assertEquals(new \DateTimeImmutable('2016/01/01', new \DateTimeZone('UTC')), $this->normalizer->denormalize('2016-01-01T00:00:00+00:00', \DateTimeImmutable::class));
         $this->assertEquals(new \DateTime('2016/01/01', new \DateTimeZone('UTC')), $this->normalizer->denormalize('2016-01-01T00:00:00+00:00', \DateTime::class));
+        $this->assertEquals(new \DateTime('2016/01/01', new \DateTimeZone('UTC')), $this->normalizer->denormalize('  2016-01-01T00:00:00+00:00  ', \DateTime::class));
     }
 
     public function testDenormalizeUsingTimezonePassedInConstructor()
@@ -290,6 +291,20 @@ public function testDenormalizeEmptyStringThrowsException()
         $this->normalizer->denormalize('', \DateTimeInterface::class);
     }
 
+    public function testDenormalizeStringWithSpacesOnlyThrowsAnException()
+    {
+        $this->expectException(UnexpectedValueException::class);
+        $this->expectExceptionMessage('The data is either an empty string or null, you should pass a string that can be parsed with the passed format or a valid DateTime string.');
+        $this->normalizer->denormalize('  ', \DateTimeInterface::class);
+    }
+
+    public function testDenormalizeDateTimeStringWithSpacesUsingFormatPassedInContextThrowsAnException()
+    {
+        $this->expectException(UnexpectedValueException::class);
+        $this->expectExceptionMessage("Parsing datetime string \"  2016.01.01  \" using format \"Y.m.d|\" resulted in 2 errors:\nat position 0: Unexpected data found.\nat position 12: Trailing data");
+        $this->normalizer->denormalize('  2016.01.01  ', \DateTime::class, null, [DateTimeNormalizer::FORMAT_KEY => 'Y.m.d|']);
+    }
+
     public function testDenormalizeFormatMismatchThrowsException()
     {
         $this->expectException(UnexpectedValueException::class);

From c2a204945d648d2c16d32e79119b7fb141aa5a63 Mon Sep 17 00:00:00 2001
From: Oleg Zhulnev <plbsid@gmail.com>
Date: Thu, 3 Jun 2021 20:23:11 +0300
Subject: [PATCH 2/2] Fix expected message

---
 .../Serializer/Tests/Normalizer/DateTimeNormalizerTest.php      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php b/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php
index 43c6285f6c527..51fc17d85afea 100644
--- a/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php
+++ b/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php
@@ -301,7 +301,7 @@ public function testDenormalizeStringWithSpacesOnlyThrowsAnException()
     public function testDenormalizeDateTimeStringWithSpacesUsingFormatPassedInContextThrowsAnException()
     {
         $this->expectException(UnexpectedValueException::class);
-        $this->expectExceptionMessage("Parsing datetime string \"  2016.01.01  \" using format \"Y.m.d|\" resulted in 2 errors:\nat position 0: Unexpected data found.\nat position 12: Trailing data");
+        $this->expectExceptionMessage("Parsing datetime string \"  2016.01.01  \" using format \"Y.m.d|\" resulted in 2 errors: \nat position 0: Unexpected data found.\nat position 12: Trailing data");
         $this->normalizer->denormalize('  2016.01.01  ', \DateTime::class, null, [DateTimeNormalizer::FORMAT_KEY => 'Y.m.d|']);
     }