diff --git a/composer.json b/composer.json index 3ec03e80e..bae810c4c 100644 --- a/composer.json +++ b/composer.json @@ -52,7 +52,7 @@ "stecman/symfony-console-completion": "^0.13.0", "symfony/console": "^6.4.17", "symfony/event-dispatcher": "^6.4.13", - "symfony/http-foundation": "^6.4.18", + "symfony/http-foundation": "^6.4.29", "symfony/mailer": "^6.4", "symfony/polyfill-intl-grapheme": "^1.31.0", "symfony/polyfill-intl-normalizer": "^1.31.0", diff --git a/composer.lock b/composer.lock index f9ddc32a9..5cda70d31 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "52bf86ecb611033d85ec172eab991cd6", + "content-hash": "bc7532497be3ed51cb9cfe4ea19c0d0c", "packages": [ { "name": "aws/aws-crt-php", @@ -4601,16 +4601,16 @@ }, { "name": "symfony/http-foundation", - "version": "v6.4.18", + "version": "v6.4.29", "source": { "type": "git", "url": "https://github.com/symfony/http-foundation.git", - "reference": "d0492d6217e5ab48f51fca76f64cf8e78919d0db" + "reference": "b03d11e015552a315714c127d8d1e0f9e970ec88" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-foundation/zipball/d0492d6217e5ab48f51fca76f64cf8e78919d0db", - "reference": "d0492d6217e5ab48f51fca76f64cf8e78919d0db", + "url": "https://api.github.com/repos/symfony/http-foundation/zipball/b03d11e015552a315714c127d8d1e0f9e970ec88", + "reference": "b03d11e015552a315714c127d8d1e0f9e970ec88", "shasum": "" }, "require": { @@ -4658,7 +4658,7 @@ "description": "Defines an object-oriented layer for the HTTP specification", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/http-foundation/tree/v6.4.18" + "source": "https://github.com/symfony/http-foundation/tree/v6.4.29" }, "funding": [ { @@ -4669,12 +4669,16 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" } ], - "time": "2025-01-09T15:48:56+00:00" + "time": "2025-11-08T16:40:12+00:00" }, { "name": "symfony/mailer", diff --git a/composer/installed.json b/composer/installed.json index 56ab1e331..36a47dbaf 100644 --- a/composer/installed.json +++ b/composer/installed.json @@ -4799,17 +4799,17 @@ }, { "name": "symfony/http-foundation", - "version": "v6.4.18", - "version_normalized": "6.4.18.0", + "version": "v6.4.29", + "version_normalized": "6.4.29.0", "source": { "type": "git", "url": "https://github.com/symfony/http-foundation.git", - "reference": "d0492d6217e5ab48f51fca76f64cf8e78919d0db" + "reference": "b03d11e015552a315714c127d8d1e0f9e970ec88" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-foundation/zipball/d0492d6217e5ab48f51fca76f64cf8e78919d0db", - "reference": "d0492d6217e5ab48f51fca76f64cf8e78919d0db", + "url": "https://api.github.com/repos/symfony/http-foundation/zipball/b03d11e015552a315714c127d8d1e0f9e970ec88", + "reference": "b03d11e015552a315714c127d8d1e0f9e970ec88", "shasum": "" }, "require": { @@ -4831,7 +4831,7 @@ "symfony/mime": "^5.4|^6.0|^7.0", "symfony/rate-limiter": "^5.4|^6.0|^7.0" }, - "time": "2025-01-09T15:48:56+00:00", + "time": "2025-11-08T16:40:12+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -4859,7 +4859,7 @@ "description": "Defines an object-oriented layer for the HTTP specification", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/http-foundation/tree/v6.4.18" + "source": "https://github.com/symfony/http-foundation/tree/v6.4.29" }, "funding": [ { @@ -4870,6 +4870,10 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" diff --git a/composer/installed.php b/composer/installed.php index 921c42771..f7345e121 100644 --- a/composer/installed.php +++ b/composer/installed.php @@ -704,9 +704,9 @@ ), ), 'symfony/http-foundation' => array( - 'pretty_version' => 'v6.4.18', - 'version' => '6.4.18.0', - 'reference' => 'd0492d6217e5ab48f51fca76f64cf8e78919d0db', + 'pretty_version' => 'v6.4.29', + 'version' => '6.4.29.0', + 'reference' => 'b03d11e015552a315714c127d8d1e0f9e970ec88', 'type' => 'library', 'install_path' => __DIR__ . '/../symfony/http-foundation', 'aliases' => array(), diff --git a/symfony/http-foundation/BinaryFileResponse.php b/symfony/http-foundation/BinaryFileResponse.php index 41a244b81..9cd86879b 100644 --- a/symfony/http-foundation/BinaryFileResponse.php +++ b/symfony/http-foundation/BinaryFileResponse.php @@ -163,7 +163,7 @@ public function setContentDisposition(string $disposition, string $filename = '' for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) { $char = mb_substr($filename, $i, 1, $encoding); - if ('%' === $char || \ord($char) < 32 || \ord($char) > 126) { + if ('%' === $char || \ord($char[0]) < 32 || \ord($char[0]) > 126) { $filenameFallback .= '_'; } else { $filenameFallback .= $char; @@ -229,7 +229,7 @@ public function prepare(Request $request): static $path = $location.substr($path, \strlen($pathPrefix)); // Only set X-Accel-Redirect header if a valid URI can be produced // as nginx does not serve arbitrary file paths. - $this->headers->set($type, $path); + $this->headers->set($type, rawurlencode($path)); $this->maxlen = 0; break; } @@ -259,13 +259,13 @@ public function prepare(Request $request): static $end = min($end, $fileSize - 1); if ($start < 0 || $start > $end) { $this->setStatusCode(416); - $this->headers->set('Content-Range', sprintf('bytes */%s', $fileSize)); + $this->headers->set('Content-Range', \sprintf('bytes */%s', $fileSize)); } elseif ($end - $start < $fileSize - 1) { $this->maxlen = $end < $fileSize ? $end - $start + 1 : -1; $this->offset = $start; $this->setStatusCode(206); - $this->headers->set('Content-Range', sprintf('bytes %s-%s/%s', $start, $end, $fileSize)); + $this->headers->set('Content-Range', \sprintf('bytes %s-%s/%s', $start, $end, $fileSize)); $this->headers->set('Content-Length', $end - $start + 1); } } diff --git a/symfony/http-foundation/Cookie.php b/symfony/http-foundation/Cookie.php index 4a3b73608..05c6c62d5 100644 --- a/symfony/http-foundation/Cookie.php +++ b/symfony/http-foundation/Cookie.php @@ -101,7 +101,7 @@ public function __construct(string $name, ?string $value = null, int|string|\Dat { // from PHP source code if ($raw && false !== strpbrk($name, self::RESERVED_CHARS_LIST)) { - throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $name)); + throw new \InvalidArgumentException(\sprintf('The cookie name "%s" contains invalid characters.', $name)); } if (empty($name)) { @@ -211,7 +211,7 @@ public function withHttpOnly(bool $httpOnly = true): static public function withRaw(bool $raw = true): static { if ($raw && false !== strpbrk($this->name, self::RESERVED_CHARS_LIST)) { - throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $this->name)); + throw new \InvalidArgumentException(\sprintf('The cookie name "%s" contains invalid characters.', $this->name)); } $cookie = clone $this; diff --git a/symfony/http-foundation/File/Exception/AccessDeniedException.php b/symfony/http-foundation/File/Exception/AccessDeniedException.php index 136d2a9f5..79ab0fce3 100644 --- a/symfony/http-foundation/File/Exception/AccessDeniedException.php +++ b/symfony/http-foundation/File/Exception/AccessDeniedException.php @@ -20,6 +20,6 @@ class AccessDeniedException extends FileException { public function __construct(string $path) { - parent::__construct(sprintf('The file %s could not be accessed', $path)); + parent::__construct(\sprintf('The file %s could not be accessed', $path)); } } diff --git a/symfony/http-foundation/File/Exception/FileNotFoundException.php b/symfony/http-foundation/File/Exception/FileNotFoundException.php index 31bdf68fe..3a5eb039b 100644 --- a/symfony/http-foundation/File/Exception/FileNotFoundException.php +++ b/symfony/http-foundation/File/Exception/FileNotFoundException.php @@ -20,6 +20,6 @@ class FileNotFoundException extends FileException { public function __construct(string $path) { - parent::__construct(sprintf('The file "%s" does not exist', $path)); + parent::__construct(\sprintf('The file "%s" does not exist', $path)); } } diff --git a/symfony/http-foundation/File/Exception/UnexpectedTypeException.php b/symfony/http-foundation/File/Exception/UnexpectedTypeException.php index 905bd5962..09b1c7e18 100644 --- a/symfony/http-foundation/File/Exception/UnexpectedTypeException.php +++ b/symfony/http-foundation/File/Exception/UnexpectedTypeException.php @@ -15,6 +15,6 @@ class UnexpectedTypeException extends FileException { public function __construct(mixed $value, string $expectedType) { - parent::__construct(sprintf('Expected argument of type %s, %s given', $expectedType, get_debug_type($value))); + parent::__construct(\sprintf('Expected argument of type %s, %s given', $expectedType, get_debug_type($value))); } } diff --git a/symfony/http-foundation/File/File.php b/symfony/http-foundation/File/File.php index 34ca5a537..c369ecbfb 100644 --- a/symfony/http-foundation/File/File.php +++ b/symfony/http-foundation/File/File.php @@ -93,7 +93,7 @@ public function move(string $directory, ?string $name = null): self restore_error_handler(); } if (!$renamed) { - throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error))); + throw new FileException(\sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error))); } @chmod($target, 0666 & ~umask()); @@ -106,7 +106,7 @@ public function getContent(): string $content = file_get_contents($this->getPathname()); if (false === $content) { - throw new FileException(sprintf('Could not get the content of the file "%s".', $this->getPathname())); + throw new FileException(\sprintf('Could not get the content of the file "%s".', $this->getPathname())); } return $content; @@ -116,10 +116,10 @@ protected function getTargetFile(string $directory, ?string $name = null): self { if (!is_dir($directory)) { if (false === @mkdir($directory, 0777, true) && !is_dir($directory)) { - throw new FileException(sprintf('Unable to create the "%s" directory.', $directory)); + throw new FileException(\sprintf('Unable to create the "%s" directory.', $directory)); } } elseif (!is_writable($directory)) { - throw new FileException(sprintf('Unable to write in the "%s" directory.', $directory)); + throw new FileException(\sprintf('Unable to write in the "%s" directory.', $directory)); } $target = rtrim($directory, '/\\').\DIRECTORY_SEPARATOR.(null === $name ? $this->getBasename() : $this->getName($name)); diff --git a/symfony/http-foundation/File/UploadedFile.php b/symfony/http-foundation/File/UploadedFile.php index f475d028d..85aab2872 100644 --- a/symfony/http-foundation/File/UploadedFile.php +++ b/symfony/http-foundation/File/UploadedFile.php @@ -174,7 +174,7 @@ public function move(string $directory, ?string $name = null): File restore_error_handler(); } if (!$moved) { - throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error))); + throw new FileException(\sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error))); } @chmod($target, 0666 & ~umask()); @@ -264,6 +264,6 @@ public function getErrorMessage(): string $maxFilesize = \UPLOAD_ERR_INI_SIZE === $errorCode ? self::getMaxFilesize() / 1024 : 0; $message = $errors[$errorCode] ?? 'The file "%s" was not uploaded due to an unknown error.'; - return sprintf($message, $this->getClientOriginalName(), $maxFilesize); + return \sprintf($message, $this->getClientOriginalName(), $maxFilesize); } } diff --git a/symfony/http-foundation/HeaderBag.php b/symfony/http-foundation/HeaderBag.php index 4dd777f16..e8072addd 100644 --- a/symfony/http-foundation/HeaderBag.php +++ b/symfony/http-foundation/HeaderBag.php @@ -51,7 +51,7 @@ public function __toString(): string foreach ($headers as $name => $values) { $name = ucwords($name, '-'); foreach ($values as $value) { - $content .= sprintf("%-{$max}s %s\r\n", $name.':', $value); + $content .= \sprintf("%-{$max}s %s\r\n", $name.':', $value); } } @@ -204,7 +204,7 @@ public function getDate(string $key, ?\DateTimeInterface $default = null): ?\Dat } if (false === $date = \DateTimeImmutable::createFromFormat(\DATE_RFC2822, $value)) { - throw new \RuntimeException(sprintf('The "%s" HTTP header is not parseable (%s).', $key, $value)); + throw new \RuntimeException(\sprintf('The "%s" HTTP header is not parseable (%s).', $key, $value)); } return $date; diff --git a/symfony/http-foundation/HeaderUtils.php b/symfony/http-foundation/HeaderUtils.php index 110896e17..ad47f2204 100644 --- a/symfony/http-foundation/HeaderUtils.php +++ b/symfony/http-foundation/HeaderUtils.php @@ -165,7 +165,7 @@ public static function unquote(string $s): string public static function makeDisposition(string $disposition, string $filename, string $filenameFallback = ''): string { if (!\in_array($disposition, [self::DISPOSITION_ATTACHMENT, self::DISPOSITION_INLINE])) { - throw new \InvalidArgumentException(sprintf('The disposition must be either "%s" or "%s".', self::DISPOSITION_ATTACHMENT, self::DISPOSITION_INLINE)); + throw new \InvalidArgumentException(\sprintf('The disposition must be either "%s" or "%s".', self::DISPOSITION_ATTACHMENT, self::DISPOSITION_INLINE)); } if ('' === $filenameFallback) { diff --git a/symfony/http-foundation/InputBag.php b/symfony/http-foundation/InputBag.php index 5acf35fec..08b927571 100644 --- a/symfony/http-foundation/InputBag.php +++ b/symfony/http-foundation/InputBag.php @@ -29,13 +29,13 @@ final class InputBag extends ParameterBag public function get(string $key, mixed $default = null): string|int|float|bool|null { if (null !== $default && !\is_scalar($default) && !$default instanceof \Stringable) { - throw new \InvalidArgumentException(sprintf('Expected a scalar value as a 2nd argument to "%s()", "%s" given.', __METHOD__, get_debug_type($default))); + throw new \InvalidArgumentException(\sprintf('Expected a scalar value as a 2nd argument to "%s()", "%s" given.', __METHOD__, get_debug_type($default))); } $value = parent::get($key, $this); if (null !== $value && $this !== $value && !\is_scalar($value) && !$value instanceof \Stringable) { - throw new BadRequestException(sprintf('Input value "%s" contains a non-scalar value.', $key)); + throw new BadRequestException(\sprintf('Input value "%s" contains a non-scalar value.', $key)); } return $this === $value ? $default : $value; @@ -68,7 +68,7 @@ public function add(array $inputs = []): void public function set(string $key, mixed $value): void { if (null !== $value && !\is_scalar($value) && !\is_array($value) && !$value instanceof \Stringable) { - throw new \InvalidArgumentException(sprintf('Expected a scalar, or an array as a 2nd argument to "%s()", "%s" given.', __METHOD__, get_debug_type($value))); + throw new \InvalidArgumentException(\sprintf('Expected a scalar, or an array as a 2nd argument to "%s()", "%s" given.', __METHOD__, get_debug_type($value))); } $this->parameters[$key] = $value; @@ -112,11 +112,11 @@ public function filter(string $key, mixed $default = null, int $filter = \FILTER } if (\is_array($value) && !(($options['flags'] ?? 0) & (\FILTER_REQUIRE_ARRAY | \FILTER_FORCE_ARRAY))) { - throw new BadRequestException(sprintf('Input value "%s" contains an array, but "FILTER_REQUIRE_ARRAY" or "FILTER_FORCE_ARRAY" flags were not set.', $key)); + throw new BadRequestException(\sprintf('Input value "%s" contains an array, but "FILTER_REQUIRE_ARRAY" or "FILTER_FORCE_ARRAY" flags were not set.', $key)); } if ((\FILTER_CALLBACK & $filter) && !(($options['options'] ?? null) instanceof \Closure)) { - throw new \InvalidArgumentException(sprintf('A Closure must be passed to "%s()" when FILTER_CALLBACK is used, "%s" given.', __METHOD__, get_debug_type($options['options'] ?? null))); + throw new \InvalidArgumentException(\sprintf('A Closure must be passed to "%s()" when FILTER_CALLBACK is used, "%s" given.', __METHOD__, get_debug_type($options['options'] ?? null))); } $options['flags'] ??= 0; diff --git a/symfony/http-foundation/IpUtils.php b/symfony/http-foundation/IpUtils.php index 18b1c5faf..8b52d2a9d 100644 --- a/symfony/http-foundation/IpUtils.php +++ b/symfony/http-foundation/IpUtils.php @@ -102,7 +102,7 @@ public static function checkIp4(string $requestIp, string $ip): bool return self::setCacheResult($cacheKey, false); } - return self::setCacheResult($cacheKey, 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask)); + return self::setCacheResult($cacheKey, 0 === substr_compare(\sprintf('%032b', ip2long($requestIp)), \sprintf('%032b', ip2long($address)), 0, $netmask)); } /** @@ -182,7 +182,7 @@ public static function checkIp6(string $requestIp, string $ip): bool */ public static function anonymize(string $ip): string { - /** + /* * If the IP contains a % symbol, then it is a local-link address with scoping according to RFC 4007 * In that case, we only care about the part before the % symbol, as the following functions, can only work with * the IP address itself. As the scope can leak information (containing interface name), we do not want to diff --git a/symfony/http-foundation/JsonResponse.php b/symfony/http-foundation/JsonResponse.php index 93c5751f2..616bccfee 100644 --- a/symfony/http-foundation/JsonResponse.php +++ b/symfony/http-foundation/JsonResponse.php @@ -41,7 +41,7 @@ public function __construct(mixed $data = null, int $status = 200, array $header parent::__construct('', $status, $headers); if ($json && !\is_string($data) && !is_numeric($data) && !\is_callable([$data, '__toString'])) { - throw new \TypeError(sprintf('"%s": If $json is set to true, argument $data must be a string or object implementing __toString(), "%s" given.', __METHOD__, get_debug_type($data))); + throw new \TypeError(\sprintf('"%s": If $json is set to true, argument $data must be a string or object implementing __toString(), "%s" given.', __METHOD__, get_debug_type($data))); } $data ??= new \ArrayObject(); @@ -176,7 +176,7 @@ protected function update(): static // Not using application/javascript for compatibility reasons with older browsers. $this->headers->set('Content-Type', 'text/javascript'); - return $this->setContent(sprintf('/**/%s(%s);', $this->callback, $this->data)); + return $this->setContent(\sprintf('/**/%s(%s);', $this->callback, $this->data)); } // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback) diff --git a/symfony/http-foundation/ParameterBag.php b/symfony/http-foundation/ParameterBag.php index 48fa4b233..2bd8cb15f 100644 --- a/symfony/http-foundation/ParameterBag.php +++ b/symfony/http-foundation/ParameterBag.php @@ -45,7 +45,7 @@ public function all(?string $key = null): array } if (!\is_array($value = $this->parameters[$key] ?? [])) { - throw new BadRequestException(sprintf('Unexpected value for parameter "%s": expecting "array", got "%s".', $key, get_debug_type($value))); + throw new BadRequestException(\sprintf('Unexpected value for parameter "%s": expecting "array", got "%s".', $key, get_debug_type($value))); } return $value; @@ -141,7 +141,7 @@ public function getString(string $key, string $default = ''): string { $value = $this->get($key, $default); if (!\is_scalar($value) && !$value instanceof \Stringable) { - throw new UnexpectedValueException(sprintf('Parameter value "%s" cannot be converted to "string".', $key)); + throw new UnexpectedValueException(\sprintf('Parameter value "%s" cannot be converted to "string".', $key)); } return (string) $value; @@ -185,7 +185,7 @@ public function getEnum(string $key, string $class, ?\BackedEnum $default = null try { return $class::from($value); } catch (\ValueError|\TypeError $e) { - throw new UnexpectedValueException(sprintf('Parameter "%s" cannot be converted to enum: %s.', $key, $e->getMessage()), $e->getCode(), $e); + throw new UnexpectedValueException(\sprintf('Parameter "%s" cannot be converted to enum: %s.', $key, $e->getMessage()), $e->getCode(), $e); } } @@ -212,11 +212,11 @@ public function filter(string $key, mixed $default = null, int $filter = \FILTER } if (\is_object($value) && !$value instanceof \Stringable) { - throw new UnexpectedValueException(sprintf('Parameter value "%s" cannot be filtered.', $key)); + throw new UnexpectedValueException(\sprintf('Parameter value "%s" cannot be filtered.', $key)); } if ((\FILTER_CALLBACK & $filter) && !(($options['options'] ?? null) instanceof \Closure)) { - throw new \InvalidArgumentException(sprintf('A Closure must be passed to "%s()" when FILTER_CALLBACK is used, "%s" given.', __METHOD__, get_debug_type($options['options'] ?? null))); + throw new \InvalidArgumentException(\sprintf('A Closure must be passed to "%s()" when FILTER_CALLBACK is used, "%s" given.', __METHOD__, get_debug_type($options['options'] ?? null))); } $options['flags'] ??= 0; diff --git a/symfony/http-foundation/RedirectResponse.php b/symfony/http-foundation/RedirectResponse.php index 408629e36..220dcf616 100644 --- a/symfony/http-foundation/RedirectResponse.php +++ b/symfony/http-foundation/RedirectResponse.php @@ -39,7 +39,7 @@ public function __construct(string $url, int $status = 302, array $headers = []) $this->setTargetUrl($url); if (!$this->isRedirect()) { - throw new \InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $status)); + throw new \InvalidArgumentException(\sprintf('The HTTP status code is not a redirect ("%s" given).', $status)); } if (301 == $status && !\array_key_exists('cache-control', array_change_key_case($headers, \CASE_LOWER))) { @@ -71,7 +71,7 @@ public function setTargetUrl(string $url): static $this->targetUrl = $url; $this->setContent( - sprintf(' + \sprintf(' diff --git a/symfony/http-foundation/Request.php b/symfony/http-foundation/Request.php index 922014133..a66312c8e 100644 --- a/symfony/http-foundation/Request.php +++ b/symfony/http-foundation/Request.php @@ -351,10 +351,21 @@ public static function create(string $uri, string $method = 'GET', array $parame $server['PATH_INFO'] = ''; $server['REQUEST_METHOD'] = strtoupper($method); + if (($i = strcspn($uri, ':/?#')) && ':' === ($uri[$i] ?? null) && (strspn($uri, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-.') !== $i || strcspn($uri, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'))) { + throw new BadRequestException('Invalid URI: Scheme is malformed.'); + } if (false === $components = parse_url(\strlen($uri) !== strcspn($uri, '?#') ? $uri : $uri.'#')) { throw new BadRequestException('Invalid URI.'); } + $part = ($components['user'] ?? '').':'.($components['pass'] ?? ''); + + if (':' !== $part && \strlen($part) !== strcspn($part, '[]')) { + throw new BadRequestException('Invalid URI: Userinfo is malformed.'); + } + if (($part = $components['host'] ?? '') && !self::isHostValid($part)) { + throw new BadRequestException('Invalid URI: Host is malformed.'); + } if (false !== ($i = strpos($uri, '\\')) && $i < strcspn($uri, '?#')) { throw new BadRequestException('Invalid URI: A URI cannot contain a backslash.'); } @@ -537,7 +548,7 @@ public function __toString(): string } return - sprintf('%s %s %s', $this->getMethod(), $this->getRequestUri(), $this->server->get('SERVER_PROTOCOL'))."\r\n". + \sprintf('%s %s %s', $this->getMethod(), $this->getRequestUri(), $this->server->get('SERVER_PROTOCOL'))."\r\n". $this->headers. $cookieHeader."\r\n". $content; @@ -638,7 +649,7 @@ public static function getTrustedHeaderSet(): int */ public static function setTrustedHosts(array $hostPatterns) { - self::$trustedHostPatterns = array_map(fn ($hostPattern) => sprintf('{%s}i', $hostPattern), $hostPatterns); + self::$trustedHostPatterns = array_map(fn ($hostPattern) => \sprintf('{%s}i', $hostPattern), $hostPatterns); // we need to reset trusted hosts on trusted host patterns change self::$trustedHosts = []; } @@ -1151,16 +1162,14 @@ public function getHost(): string // host is lowercase as per RFC 952/2181 $host = strtolower(preg_replace('/:\d+$/', '', trim($host))); - // as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user) - // check that it does not contain forbidden characters (see RFC 952 and RFC 2181) - // use preg_replace() instead of preg_match() to prevent DoS attacks with long host names - if ($host && '' !== preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host)) { + // the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user) + if ($host && !self::isHostValid($host)) { if (!$this->isHostValid) { return ''; } $this->isHostValid = false; - throw new SuspiciousOperationException(sprintf('Invalid Host "%s".', $host)); + throw new SuspiciousOperationException(\sprintf('Invalid Host "%s".', $host)); } if (\count(self::$trustedHostPatterns) > 0) { @@ -1183,7 +1192,7 @@ public function getHost(): string } $this->isHostValid = false; - throw new SuspiciousOperationException(sprintf('Untrusted Host "%s".', $host)); + throw new SuspiciousOperationException(\sprintf('Untrusted Host "%s".', $host)); } return $host; @@ -1298,15 +1307,22 @@ public function getFormat(?string $mimeType): ?string static::initializeFormats(); } + $exactFormat = null; + $canonicalFormat = null; + foreach (static::$formats as $format => $mimeTypes) { - if (\in_array($mimeType, (array) $mimeTypes)) { - return $format; + if (\in_array($mimeType, $mimeTypes, true)) { + $exactFormat = $format; } - if (null !== $canonicalMimeType && \in_array($canonicalMimeType, (array) $mimeTypes)) { - return $format; + if (null !== $canonicalMimeType && \in_array($canonicalMimeType, $mimeTypes, true)) { + $canonicalFormat = $format; } } + if ($format = $exactFormat ?? $canonicalFormat) { + return $format; + } + return null; } @@ -1323,7 +1339,7 @@ public function setFormat(?string $format, string|array $mimeTypes) static::initializeFormats(); } - static::$formats[$format] = \is_array($mimeTypes) ? $mimeTypes : [$mimeTypes]; + static::$formats[$format ?? ''] = (array) $mimeTypes; } /** @@ -1466,7 +1482,7 @@ public function isMethodCacheable(): bool public function getProtocolVersion(): ?string { if ($this->isFromTrustedProxy()) { - preg_match('~^(HTTP/)?([1-9]\.[0-9]) ~', $this->headers->get('Via') ?? '', $matches); + preg_match('~^(HTTP/)?([1-9]\.[0-9])\b~', $this->headers->get('Via') ?? '', $matches); if ($matches) { return 'HTTP/'.$matches[2]; @@ -1545,7 +1561,7 @@ public function getPayload(): InputBag } if (!\is_array($content)) { - throw new JsonException(sprintf('JSON content was expected to decode to an array, "%s" returned.', get_debug_type($content))); + throw new JsonException(\sprintf('JSON content was expected to decode to an array, "%s" returned.', get_debug_type($content))); } return new InputBag($content); @@ -1571,7 +1587,7 @@ public function toArray(): array } if (!\is_array($content)) { - throw new JsonException(sprintf('JSON content was expected to decode to an array, "%s" returned.', get_debug_type($content))); + throw new JsonException(\sprintf('JSON content was expected to decode to an array, "%s" returned.', get_debug_type($content))); } return $content; @@ -1917,9 +1933,8 @@ protected function preparePathInfo(): string } $pathInfo = substr($requestUri, \strlen($baseUrl)); - if (false === $pathInfo || '' === $pathInfo) { - // If substr() returns false then PATH_INFO is set to an empty string - return '/'; + if (false === $pathInfo || '' === $pathInfo || '/' !== $pathInfo[0]) { + return '/'.$pathInfo; } return $pathInfo; @@ -1978,7 +1993,7 @@ private function getUrlencodedPrefix(string $string, string $prefix): ?string $len = \strlen($prefix); - if (preg_match(sprintf('#^(%%[[:xdigit:]]{2}|.){%d}#', $len), $string, $match)) { + if (preg_match(\sprintf('#^(%%[[:xdigit:]]{2}|.){%d}#', $len), $string, $match)) { return $match[0]; } @@ -2070,7 +2085,7 @@ private function getTrustedValues(int $type, ?string $ip = null): array } $this->isForwardedValid = false; - throw new ConflictingHeadersException(sprintf('The request has both a trusted "%s" header and a trusted "%s" header, conflicting with each other. You should either configure your proxy to remove one of them, or configure your project to distrust the offending one.', self::TRUSTED_HEADERS[self::HEADER_FORWARDED], self::TRUSTED_HEADERS[$type])); + throw new ConflictingHeadersException(\sprintf('The request has both a trusted "%s" header and a trusted "%s" header, conflicting with each other. You should either configure your proxy to remove one of them, or configure your project to distrust the offending one.', self::TRUSTED_HEADERS[self::HEADER_FORWARDED], self::TRUSTED_HEADERS[$type])); } private function normalizeAndFilterClientIps(array $clientIps, string $ip): array @@ -2128,4 +2143,21 @@ private function isIisRewrite(): bool return $this->isIisRewrite; } + + /** + * See https://url.spec.whatwg.org/. + */ + private static function isHostValid(string $host): bool + { + if ('[' === $host[0]) { + return ']' === $host[-1] && filter_var(substr($host, 1, -1), \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6); + } + + if (preg_match('/\.[0-9]++\.?$/D', $host)) { + return null !== filter_var($host, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4 | \FILTER_NULL_ON_FAILURE); + } + + // use preg_replace() instead of preg_match() to prevent DoS attacks with long host names + return '' === preg_replace('/[-a-zA-Z0-9_]++\.?/', '', $host); + } } diff --git a/symfony/http-foundation/Response.php b/symfony/http-foundation/Response.php index a43e7a9ac..e476e29d1 100644 --- a/symfony/http-foundation/Response.php +++ b/symfony/http-foundation/Response.php @@ -241,7 +241,7 @@ public function __construct(?string $content = '', int $status = 200, array $hea public function __toString(): string { return - sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText)."\r\n". + \sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText)."\r\n". $this->headers."\r\n". $this->getContent(); } @@ -393,7 +393,7 @@ public function sendHeaders(/* int $statusCode = null */): static $statusCode ??= $this->statusCode; // status - header(sprintf('HTTP/%s %s %s', $this->version, $statusCode, $this->statusText), true, $statusCode); + header(\sprintf('HTTP/%s %s %s', $this->version, $statusCode, $this->statusText), true, $statusCode); return $this; } @@ -499,7 +499,7 @@ public function setStatusCode(int $code, ?string $text = null): static { $this->statusCode = $code; if ($this->isInvalid()) { - throw new \InvalidArgumentException(sprintf('The HTTP status code "%s" is not valid.', $code)); + throw new \InvalidArgumentException(\sprintf('The HTTP status code "%s" is not valid.', $code)); } if (null === $text) { @@ -1011,7 +1011,7 @@ public function setEtag(?string $etag = null, bool $weak = false): static public function setCache(array $options): static { if ($diff = array_diff(array_keys($options), array_keys(self::HTTP_RESPONSE_CACHE_CONTROL_DIRECTIVES))) { - throw new \InvalidArgumentException(sprintf('Response does not support the following options: "%s".', implode('", "', $diff))); + throw new \InvalidArgumentException(\sprintf('Response does not support the following options: "%s".', implode('", "', $diff))); } if (isset($options['etag'])) { diff --git a/symfony/http-foundation/ResponseHeaderBag.php b/symfony/http-foundation/ResponseHeaderBag.php index 376357d01..562f75c9a 100644 --- a/symfony/http-foundation/ResponseHeaderBag.php +++ b/symfony/http-foundation/ResponseHeaderBag.php @@ -174,7 +174,7 @@ public function getCacheControlDirective(string $key): bool|string|null */ public function setCookie(Cookie $cookie) { - $this->cookies[$cookie->getDomain()][$cookie->getPath()][$cookie->getName()] = $cookie; + $this->cookies[$cookie->getDomain() ?? ''][$cookie->getPath()][$cookie->getName()] = $cookie; $this->headerNames['set-cookie'] = 'Set-Cookie'; } @@ -187,13 +187,13 @@ public function removeCookie(string $name, ?string $path = '/', ?string $domain { $path ??= '/'; - unset($this->cookies[$domain][$path][$name]); + unset($this->cookies[$domain ?? ''][$path][$name]); - if (empty($this->cookies[$domain][$path])) { - unset($this->cookies[$domain][$path]); + if (empty($this->cookies[$domain ?? ''][$path])) { + unset($this->cookies[$domain ?? ''][$path]); - if (empty($this->cookies[$domain])) { - unset($this->cookies[$domain]); + if (empty($this->cookies[$domain ?? ''])) { + unset($this->cookies[$domain ?? '']); } } @@ -212,7 +212,7 @@ public function removeCookie(string $name, ?string $path = '/', ?string $domain public function getCookies(string $format = self::COOKIES_FLAT): array { if (!\in_array($format, [self::COOKIES_FLAT, self::COOKIES_ARRAY])) { - throw new \InvalidArgumentException(sprintf('Format "%s" invalid (%s).', $format, implode(', ', [self::COOKIES_FLAT, self::COOKIES_ARRAY]))); + throw new \InvalidArgumentException(\sprintf('Format "%s" invalid (%s).', $format, implode(', ', [self::COOKIES_FLAT, self::COOKIES_ARRAY]))); } if (self::COOKIES_ARRAY === $format) { @@ -240,7 +240,7 @@ public function getCookies(string $format = self::COOKIES_FLAT): array */ public function clearCookie(string $name, ?string $path = '/', ?string $domain = null, bool $secure = false, bool $httpOnly = true, ?string $sameSite = null /* , bool $partitioned = false */) { - $partitioned = 6 < \func_num_args() ? \func_get_arg(6) : false; + $partitioned = 6 < \func_num_args() ? func_get_arg(6) : false; $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite, $partitioned)); } diff --git a/symfony/http-foundation/Session/SessionUtils.php b/symfony/http-foundation/Session/SessionUtils.php index 504c5848e..57aa565ff 100644 --- a/symfony/http-foundation/Session/SessionUtils.php +++ b/symfony/http-foundation/Session/SessionUtils.php @@ -28,8 +28,8 @@ final class SessionUtils public static function popSessionCookie(string $sessionName, #[\SensitiveParameter] string $sessionId): ?string { $sessionCookie = null; - $sessionCookiePrefix = sprintf(' %s=', urlencode($sessionName)); - $sessionCookieWithId = sprintf('%s%s;', $sessionCookiePrefix, urlencode($sessionId)); + $sessionCookiePrefix = \sprintf(' %s=', urlencode($sessionName)); + $sessionCookieWithId = \sprintf('%s%s;', $sessionCookiePrefix, urlencode($sessionId)); $otherCookies = []; foreach (headers_list() as $h) { if (0 !== stripos($h, 'Set-Cookie:')) { diff --git a/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php b/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php index 288c24232..fd8562377 100644 --- a/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php +++ b/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php @@ -32,7 +32,7 @@ public function open(string $savePath, string $sessionName): bool { $this->sessionName = $sessionName; if (!headers_sent() && !\ini_get('session.cache_limiter') && '0' !== \ini_get('session.cache_limiter')) { - header(sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) \ini_get('session.cache_expire'))); + header(\sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) \ini_get('session.cache_expire'))); } return true; @@ -88,7 +88,7 @@ public function destroy(#[\SensitiveParameter] string $sessionId): bool { if (!headers_sent() && filter_var(\ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOL)) { if (!isset($this->sessionName)) { - throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class)); + throw new \LogicException(\sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class)); } $cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId); diff --git a/symfony/http-foundation/Session/Storage/Handler/IdentityMarshaller.php b/symfony/http-foundation/Session/Storage/Handler/IdentityMarshaller.php index 411a8d1f0..70ac76248 100644 --- a/symfony/http-foundation/Session/Storage/Handler/IdentityMarshaller.php +++ b/symfony/http-foundation/Session/Storage/Handler/IdentityMarshaller.php @@ -22,7 +22,7 @@ public function marshall(array $values, ?array &$failed): array { foreach ($values as $key => $value) { if (!\is_string($value)) { - throw new \LogicException(sprintf('%s accepts only string as data.', __METHOD__)); + throw new \LogicException(\sprintf('%s accepts only string as data.', __METHOD__)); } } diff --git a/symfony/http-foundation/Session/Storage/Handler/MemcachedSessionHandler.php b/symfony/http-foundation/Session/Storage/Handler/MemcachedSessionHandler.php index 91a023ddb..9647f42bb 100644 --- a/symfony/http-foundation/Session/Storage/Handler/MemcachedSessionHandler.php +++ b/symfony/http-foundation/Session/Storage/Handler/MemcachedSessionHandler.php @@ -47,7 +47,7 @@ public function __construct(\Memcached $memcached, array $options = []) $this->memcached = $memcached; if ($diff = array_diff(array_keys($options), ['prefix', 'expiretime', 'ttl'])) { - throw new \InvalidArgumentException(sprintf('The following options are not supported "%s".', implode(', ', $diff))); + throw new \InvalidArgumentException(\sprintf('The following options are not supported "%s".', implode(', ', $diff))); } $this->ttl = $options['expiretime'] ?? $options['ttl'] ?? null; diff --git a/symfony/http-foundation/Session/Storage/Handler/NativeFileSessionHandler.php b/symfony/http-foundation/Session/Storage/Handler/NativeFileSessionHandler.php index f8c6151a4..284cd869d 100644 --- a/symfony/http-foundation/Session/Storage/Handler/NativeFileSessionHandler.php +++ b/symfony/http-foundation/Session/Storage/Handler/NativeFileSessionHandler.php @@ -34,7 +34,7 @@ public function __construct(?string $savePath = null) if ($count = substr_count($savePath, ';')) { if ($count > 2) { - throw new \InvalidArgumentException(sprintf('Invalid argument $savePath \'%s\'.', $savePath)); + throw new \InvalidArgumentException(\sprintf('Invalid argument $savePath \'%s\'.', $savePath)); } // characters after last ';' are the path @@ -42,7 +42,7 @@ public function __construct(?string $savePath = null) } if ($baseDir && !is_dir($baseDir) && !@mkdir($baseDir, 0777, true) && !is_dir($baseDir)) { - throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s".', $baseDir)); + throw new \RuntimeException(\sprintf('Session Storage was not able to create directory "%s".', $baseDir)); } if ($savePath !== \ini_get('session.save_path')) { diff --git a/symfony/http-foundation/Session/Storage/Handler/PdoSessionHandler.php b/symfony/http-foundation/Session/Storage/Handler/PdoSessionHandler.php index 9cee76ddf..48c219a7a 100644 --- a/symfony/http-foundation/Session/Storage/Handler/PdoSessionHandler.php +++ b/symfony/http-foundation/Session/Storage/Handler/PdoSessionHandler.php @@ -155,7 +155,7 @@ public function __construct(#[\SensitiveParameter] \PDO|string|null $pdoOrDsn = { if ($pdoOrDsn instanceof \PDO) { if (\PDO::ERRMODE_EXCEPTION !== $pdoOrDsn->getAttribute(\PDO::ATTR_ERRMODE)) { - throw new \InvalidArgumentException(sprintf('"%s" requires PDO error mode attribute be set to throw Exceptions (i.e. $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION)).', __CLASS__)); + throw new \InvalidArgumentException(\sprintf('"%s" requires PDO error mode attribute be set to throw Exceptions (i.e. $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION)).', __CLASS__)); } $this->pdo = $pdoOrDsn; @@ -216,13 +216,13 @@ public function configureSchema(Schema $schema, ?\Closure $isSameDatabase = null $table->addColumn($this->timeCol, Types::INTEGER)->setNotnull(true); break; case 'sqlsrv': - $table->addColumn($this->idCol, Types::TEXT)->setLength(128)->setNotnull(true); + $table->addColumn($this->idCol, Types::STRING)->setLength(128)->setNotnull(true); $table->addColumn($this->dataCol, Types::BLOB)->setNotnull(true); $table->addColumn($this->lifetimeCol, Types::INTEGER)->setUnsigned(true)->setNotnull(true); $table->addColumn($this->timeCol, Types::INTEGER)->setUnsigned(true)->setNotnull(true); break; default: - throw new \DomainException(sprintf('Creating the session table is currently not implemented for PDO driver "%s".', $this->driver)); + throw new \DomainException(\sprintf('Creating the session table is currently not implemented for PDO driver "%s".', $this->driver)); } $table->setPrimaryKey([$this->idCol]); $table->addIndex([$this->lifetimeCol], $this->lifetimeCol.'_idx'); @@ -257,7 +257,7 @@ public function createTable() 'pgsql' => "CREATE TABLE $this->table ($this->idCol VARCHAR(128) NOT NULL PRIMARY KEY, $this->dataCol BYTEA NOT NULL, $this->lifetimeCol INTEGER NOT NULL, $this->timeCol INTEGER NOT NULL)", 'oci' => "CREATE TABLE $this->table ($this->idCol VARCHAR2(128) NOT NULL PRIMARY KEY, $this->dataCol BLOB NOT NULL, $this->lifetimeCol INTEGER NOT NULL, $this->timeCol INTEGER NOT NULL)", 'sqlsrv' => "CREATE TABLE $this->table ($this->idCol VARCHAR(128) NOT NULL PRIMARY KEY, $this->dataCol VARBINARY(MAX) NOT NULL, $this->lifetimeCol INTEGER NOT NULL, $this->timeCol INTEGER NOT NULL)", - default => throw new \DomainException(sprintf('Creating the session table is currently not implemented for PDO driver "%s".', $this->driver)), + default => throw new \DomainException(\sprintf('Creating the session table is currently not implemented for PDO driver "%s".', $this->driver)), }; try { @@ -538,7 +538,7 @@ private function buildDsnFromUrl(#[\SensitiveParameter] string $dsnOrUrl): strin return $dsn; default: - throw new \InvalidArgumentException(sprintf('The scheme "%s" is not supported by the PdoSessionHandler URL configuration. Pass a PDO DSN directly.', $params['scheme'])); + throw new \InvalidArgumentException(\sprintf('The scheme "%s" is not supported by the PdoSessionHandler URL configuration. Pass a PDO DSN directly.', $params['scheme'])); } } @@ -734,7 +734,7 @@ private function doAdvisoryLock(#[\SensitiveParameter] string $sessionId): \PDOS case 'sqlite': throw new \DomainException('SQLite does not support advisory locks.'); default: - throw new \DomainException(sprintf('Advisory locks are currently not implemented for PDO driver "%s".', $this->driver)); + throw new \DomainException(\sprintf('Advisory locks are currently not implemented for PDO driver "%s".', $this->driver)); } } @@ -776,7 +776,7 @@ private function getSelectSql(): string // we already locked when starting transaction break; default: - throw new \DomainException(sprintf('Transactional locks are currently not implemented for PDO driver "%s".', $this->driver)); + throw new \DomainException(\sprintf('Transactional locks are currently not implemented for PDO driver "%s".', $this->driver)); } } diff --git a/symfony/http-foundation/Session/Storage/Handler/RedisSessionHandler.php b/symfony/http-foundation/Session/Storage/Handler/RedisSessionHandler.php index b696eee4b..78cd4e7c2 100644 --- a/symfony/http-foundation/Session/Storage/Handler/RedisSessionHandler.php +++ b/symfony/http-foundation/Session/Storage/Handler/RedisSessionHandler.php @@ -44,7 +44,7 @@ public function __construct( array $options = [], ) { if ($diff = array_diff(array_keys($options), ['prefix', 'ttl'])) { - throw new \InvalidArgumentException(sprintf('The following options are not supported "%s".', implode(', ', $diff))); + throw new \InvalidArgumentException(\sprintf('The following options are not supported "%s".', implode(', ', $diff))); } $this->prefix = $options['prefix'] ?? 'sf_s'; diff --git a/symfony/http-foundation/Session/Storage/Handler/SessionHandlerFactory.php b/symfony/http-foundation/Session/Storage/Handler/SessionHandlerFactory.php index ff5b70d81..43a9eb84e 100644 --- a/symfony/http-foundation/Session/Storage/Handler/SessionHandlerFactory.php +++ b/symfony/http-foundation/Session/Storage/Handler/SessionHandlerFactory.php @@ -49,7 +49,7 @@ public static function createHandler(object|string $connection, array $options = return new PdoSessionHandler($connection); case !\is_string($connection): - throw new \InvalidArgumentException(sprintf('Unsupported Connection: "%s".', get_debug_type($connection))); + throw new \InvalidArgumentException(\sprintf('Unsupported Connection: "%s".', get_debug_type($connection))); case str_starts_with($connection, 'file://'): $savePath = substr($connection, 7); @@ -94,6 +94,6 @@ public static function createHandler(object|string $connection, array $options = return new PdoSessionHandler($connection, $options); } - throw new \InvalidArgumentException(sprintf('Unsupported Connection: "%s".', $connection)); + throw new \InvalidArgumentException(\sprintf('Unsupported Connection: "%s".', $connection)); } } diff --git a/symfony/http-foundation/Session/Storage/Handler/StrictSessionHandler.php b/symfony/http-foundation/Session/Storage/Handler/StrictSessionHandler.php index 1f8668744..38afc1257 100644 --- a/symfony/http-foundation/Session/Storage/Handler/StrictSessionHandler.php +++ b/symfony/http-foundation/Session/Storage/Handler/StrictSessionHandler.php @@ -24,7 +24,7 @@ class StrictSessionHandler extends AbstractSessionHandler public function __construct(\SessionHandlerInterface $handler) { if ($handler instanceof \SessionUpdateTimestampHandlerInterface) { - throw new \LogicException(sprintf('"%s" is already an instance of "SessionUpdateTimestampHandlerInterface", you cannot wrap it with "%s".', get_debug_type($handler), self::class)); + throw new \LogicException(\sprintf('"%s" is already an instance of "SessionUpdateTimestampHandlerInterface", you cannot wrap it with "%s".', get_debug_type($handler), self::class)); } $this->handler = $handler; diff --git a/symfony/http-foundation/Session/Storage/MockArraySessionStorage.php b/symfony/http-foundation/Session/Storage/MockArraySessionStorage.php index f02793d3e..65ab34f91 100644 --- a/symfony/http-foundation/Session/Storage/MockArraySessionStorage.php +++ b/symfony/http-foundation/Session/Storage/MockArraySessionStorage.php @@ -174,7 +174,7 @@ public function registerBag(SessionBagInterface $bag) public function getBag(string $name): SessionBagInterface { if (!isset($this->bags[$name])) { - throw new \InvalidArgumentException(sprintf('The SessionBagInterface "%s" is not registered.', $name)); + throw new \InvalidArgumentException(\sprintf('The SessionBagInterface "%s" is not registered.', $name)); } if (!$this->started) { diff --git a/symfony/http-foundation/Session/Storage/MockFileSessionStorage.php b/symfony/http-foundation/Session/Storage/MockFileSessionStorage.php index ef6d9d8f8..84c2c4363 100644 --- a/symfony/http-foundation/Session/Storage/MockFileSessionStorage.php +++ b/symfony/http-foundation/Session/Storage/MockFileSessionStorage.php @@ -35,7 +35,7 @@ public function __construct(?string $savePath = null, string $name = 'MOCKSESSID $savePath ??= sys_get_temp_dir(); if (!is_dir($savePath) && !@mkdir($savePath, 0777, true) && !is_dir($savePath)) { - throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s".', $savePath)); + throw new \RuntimeException(\sprintf('Session Storage was not able to create directory "%s".', $savePath)); } $this->savePath = $savePath; diff --git a/symfony/http-foundation/Session/Storage/NativeSessionStorage.php b/symfony/http-foundation/Session/Storage/NativeSessionStorage.php index f63de5740..c8801cc25 100644 --- a/symfony/http-foundation/Session/Storage/NativeSessionStorage.php +++ b/symfony/http-foundation/Session/Storage/NativeSessionStorage.php @@ -129,7 +129,7 @@ public function start(): bool } if (filter_var(\ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOL) && headers_sent($file, $line)) { - throw new \RuntimeException(sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line)); + throw new \RuntimeException(\sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line)); } $sessionId = $_COOKIE[session_name()] ?? null; @@ -139,7 +139,7 @@ public function start(): bool * ---------- Part 1 * * The part `[a-zA-Z0-9,-]` is related to the PHP ini directive `session.sid_bits_per_character` defined as 6. - * See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-character. + * See https://php.net/session.configuration#ini.session.sid-bits-per-character * Allowed values are integers such as: * - 4 for range `a-f0-9` * - 5 for range `a-v0-9` @@ -148,7 +148,7 @@ public function start(): bool * ---------- Part 2 * * The part `{22,250}` is related to the PHP ini directive `session.sid_length`. - * See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-length. + * See https://php.net/session.configuration#ini.session.sid-length * Allowed values are integers between 22 and 256, but we use 250 for the max. * * Where does the 250 come from? @@ -249,7 +249,7 @@ public function save() $previousHandler = set_error_handler(function ($type, $msg, $file, $line) use (&$previousHandler) { if (\E_WARNING === $type && str_starts_with($msg, 'session_write_close():')) { $handler = $this->saveHandler instanceof SessionHandlerProxy ? $this->saveHandler->getHandler() : $this->saveHandler; - $msg = sprintf('session_write_close(): Failed to write session data with "%s" handler', $handler::class); + $msg = \sprintf('session_write_close(): Failed to write session data with "%s" handler', $handler::class); } return $previousHandler ? $previousHandler($type, $msg, $file, $line) : false; @@ -302,7 +302,7 @@ public function registerBag(SessionBagInterface $bag) public function getBag(string $name): SessionBagInterface { if (!isset($this->bags[$name])) { - throw new \InvalidArgumentException(sprintf('The SessionBagInterface "%s" is not registered.', $name)); + throw new \InvalidArgumentException(\sprintf('The SessionBagInterface "%s" is not registered.', $name)); } if (!$this->started && $this->saveHandler->isActive()) {