From df2c12dab2d3dfe82e82a8d430dfb4fc5c80da33 Mon Sep 17 00:00:00 2001 From: Francisco Alvarez Alonso Date: Fri, 15 Mar 2024 21:33:22 +0100 Subject: [PATCH 1/3] Throw TransformationFailedException when there is a null bytes injection. --- .../DataTransformer/DateTimeToStringTransformer.php | 4 ++++ .../DateTimeToStringTransformerTest.php | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToStringTransformer.php b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToStringTransformer.php index 4e3df8690a571..6f29189897ace 100644 --- a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToStringTransformer.php +++ b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToStringTransformer.php @@ -118,6 +118,10 @@ public function reverseTransform($value) throw new TransformationFailedException('Expected a string.'); } + if (true === str_contains($value, "\0")) { + throw new TransformationFailedException('Null bytes not allowed'); + } + $outputTz = new \DateTimeZone($this->outputTimezone); $dateTime = \DateTime::createFromFormat($this->parseFormat, $value, $outputTz); diff --git a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToStringTransformerTest.php b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToStringTransformerTest.php index 66ad9ff416e26..b898437758961 100644 --- a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToStringTransformerTest.php +++ b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToStringTransformerTest.php 
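Review bot: The new guard in reverseTransform() carries no comment explaining why a NUL byte must be rejected before the value reaches `\DateTime::createFromFormat()`, so a later cleanup could remove it as redundant. As far as I know, recent PHP 8 releases make createFromFormat() throw a `\ValueError` when the input contains null bytes, which would turn a submitted form value into an uncaught error instead of a validation failure; a comment such as `// createFromFormat() throws \ValueError on NUL bytes; fail the transformation here so the form reports invalid input` would record that. `str_contains()` needs PHP 8 or the php80 polyfill, so confirm the target branch provides one of them. Any other transformer that passes a submitted string to a date-parsing call probably needs the same check, and this series does not touch them. The body of reverseTransform() starts and ends outside the hunk.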
@@ -133,6 +133,19 @@ public function testReverseTransformEmpty() $this->assertNull($reverseTransformer->reverseTransform('')); } + public function testReverseTransformWithNullBytes() + { + $transformer = new DateTimeToStringTransformer(); + + $nullByte = chr(0); + $value = '2024-03-15 21:11:00'.$nullByte; + + $this->expectException(TransformationFailedException::class); + $this->expectExceptionMessage('Null bytes not allowed'); + + $transformer->reverseTransform($value); + } + public function testReverseTransformWithDifferentTimezones() { $reverseTransformer = new DateTimeToStringTransformer('America/New_York', 'Asia/Hong_Kong', 'Y-m-d H:i:s'); From 2dd9b2151541c839fd4e0af9e1879ddbf115c4f8 Mon Sep 17 00:00:00 2001 From: Francisco Alvarez Alonso Date: Sat, 16 Mar 2024 02:03:17 +0100 Subject: [PATCH 2/3] fix cs --- .../Core/DataTransformer/DateTimeToStringTransformerTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToStringTransformerTest.php b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToStringTransformerTest.php index b898437758961..f7ef667e769b6 100644 --- a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToStringTransformerTest.php +++ b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToStringTransformerTest.php @@ -137,7 +137,7 @@ public function testReverseTransformWithNullBytes() { $transformer = new DateTimeToStringTransformer(); - $nullByte = chr(0); + $nullByte = \chr(0); $value = '2024-03-15 21:11:00'.$nullByte; $this->expectException(TransformationFailedException::class); From 9b655202156f1a909a213bf220b7325b8bf714d3 Mon Sep 17 00:00:00 2001 From: Francisco Alvarez Alonso Date: Sat, 16 Mar 2024 05:44:31 +0100 Subject: [PATCH 3/3] fix cs --- .../Core/DataTransformer/DateTimeToStringTransformer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
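Review bot: testReverseTransformWithNullBytes() covers only a NUL appended after an otherwise valid date, which is the one position a later `trim()` would hide, since PHP's default trim character list includes NUL. A data provider that also yields the byte at the start and in the middle, for example `"\0".'2024-03-15 21:11:00'` and `"2024-03-15\0 21:11:00"`, would pin the guard to "anywhere in the string". Keeping `expectExceptionMessage('Null bytes not allowed')` is worthwhile, because it ties the test to the guard rather than to whatever other failure the transformer may raise for unparsable input.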
diff --git a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToStringTransformer.php b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToStringTransformer.php index 6f29189897ace..b4e13eb8fb1cc 100644 --- a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToStringTransformer.php +++ b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToStringTransformer.php @@ -118,7 +118,7 @@ public function reverseTransform($value) throw new TransformationFailedException('Expected a string.'); } - if (true === str_contains($value, "\0")) { + if (str_contains($value, "\0")) { throw new TransformationFailedException('Null bytes not allowed'); }