Merge branch '5.4' into 6.4

nicolas-grekas · nicolas-grekas · commit 4facd4174f45 · 2024-11-05T17:39:55.000+01:00
* 5.4:
  Do not read from argv on non-CLI SAPIs
  [Process] Use %PATH% before %CD% to load the shell on Windows
  [HttpFoundation] Reject URIs that contain invalid characters
  [HttpClient] Filter private IPs before connecting when Host == IP
diff --git a/SymfonyRuntime.php b/SymfonyRuntime.php
@@ -95,7 +95,7 @@ public function __construct(array $options = [])
 
         if (isset($options['env'])) {
             $_SERVER[$envKey] = $options['env'];
-        } elseif (isset($_SERVER['argv']) && class_exists(ArgvInput::class)) {
+        } elseif (empty($_GET) && isset($_SERVER['argv']) && class_exists(ArgvInput::class)) {
             $this->options = $options;
             $this->getInput();
         }
@@ -203,6 +203,10 @@ protected static function register(GenericRuntime $runtime): GenericRuntime
 
     private function getInput(): ArgvInput
     {
+        if (!empty($_GET) && filter_var(ini_get('register_argc_argv'), \FILTER_VALIDATE_BOOL)) {
+            throw new \Exception('CLI applications cannot be run safely on non-CLI SAPIs with register_argc_argv=On.');
+        }
+
         if (isset($this->input)) {
             return $this->input;
         }
diff --git a/Tests/phpt/kernel-loop.phpt b/Tests/phpt/kernel-loop.phpt
@@ -11,6 +11,6 @@ require __DIR__.'/kernel-loop.php';
 
 ?>
 --EXPECTF--
-OK Kernel foo_bar
-OK Kernel foo_bar
+OK Kernel (env=dev) foo_bar
+OK Kernel (env=dev) foo_bar
 0
diff --git a/Tests/phpt/kernel.php b/Tests/phpt/kernel.php
@@ -17,17 +17,19 @@
 
 class TestKernel implements HttpKernelInterface
 {
+    private string $env;
     private string $var;
 
-    public function __construct(string $var)
+    public function __construct(string $env, string $var)
     {
+        $this->env = $env;
         $this->var = $var;
     }
 
     public function handle(Request $request, $type = self::MAIN_REQUEST, $catch = true): Response
     {
-        return new Response('OK Kernel '.$this->var);
+        return new Response('OK Kernel (env='.$this->env.') '.$this->var);
     }
 }
 
-return fn (array $context) => new TestKernel($context['SOME_VAR']);
+return fn (array $context) => new TestKernel($context['APP_ENV'], $context['SOME_VAR']);
diff --git a/Tests/phpt/kernel.phpt b/Tests/phpt/kernel.phpt
@@ -9,4 +9,4 @@ require $_SERVER['SCRIPT_FILENAME'] = __DIR__.'/kernel.php';
 
 ?>
 --EXPECTF--
-OK Kernel foo_bar
+OK Kernel (env=dev) foo_bar
diff --git a/Tests/phpt/kernel_register_argc_argv.phpt b/Tests/phpt/kernel_register_argc_argv.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Test HttpKernelInterface with register_argc_argv=1
+--INI--
+display_errors=1
+register_argc_argv=1
+--FILE--
+<?php
+
+// emulating PHP behavior with register_argc_argv=1
+$_GET['-e_test'] = '';
+$_SERVER['argc'] = 1;
+$_SERVER['argv'] = [' ', '-e', 'test'];
+
+require $_SERVER['SCRIPT_FILENAME'] = __DIR__.'/kernel.php';
+
+?>
+--EXPECTF--
+OK Kernel (env=dev) foo_bar

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@ public function __construct(array $options = [])`
`95`	`95`
`96`	`96`	`if (isset($options['env'])) {`
`97`	`97`	`$_SERVER[$envKey] = $options['env'];`
`98`		`- } elseif (isset($_SERVER['argv']) && class_exists(ArgvInput::class)) {`
	`98`	`+ } elseif (empty($_GET) && isset($_SERVER['argv']) && class_exists(ArgvInput::class)) {`
`99`	`99`	`$this->options = $options;`
`100`	`100`	`$this->getInput();`
`101`	`101`	`}`
`@@ -203,6 +203,10 @@ protected static function register(GenericRuntime $runtime): GenericRuntime`
`203`	`203`
`204`	`204`	`private function getInput(): ArgvInput`
`205`	`205`	`{`
	`206`	`+ if (!empty($_GET) && filter_var(ini_get('register_argc_argv'), \FILTER_VALIDATE_BOOL)) {`
	`207`	`+ throw new \Exception('CLI applications cannot be run safely on non-CLI SAPIs with register_argc_argv=On.');`
	`208`	`+ }`
	`209`	`+`
`206`	`210`	`if (isset($this->input)) {`
`207`	`211`	`return $this->input;`
`208`	`212`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,6 @@ require __DIR__.'/kernel-loop.php';`
`11`	`11`
`12`	`12`	`?>`
`13`	`13`	`--EXPECTF--`
`14`		`-OK Kernel foo_bar`
`15`		`-OK Kernel foo_bar`
	`14`	`+OK Kernel (env=dev) foo_bar`
	`15`	`+OK Kernel (env=dev) foo_bar`
`16`	`16`	`0`
Original file line number	Diff line number	Diff line change
`@@ -17,17 +17,19 @@`
`17`	`17`
`18`	`18`	`class TestKernel implements HttpKernelInterface`
`19`	`19`	`{`
	`20`	`+ private string $env;`
`20`	`21`	`private string $var;`
`21`	`22`
`22`		`- public function __construct(string $var)`
	`23`	`+ public function __construct(string $env, string $var)`
`23`	`24`	`{`
	`25`	`+ $this->env = $env;`
`24`	`26`	`$this->var = $var;`
`25`	`27`	`}`
`26`	`28`
`27`	`29`	`public function handle(Request $request, $type = self::MAIN_REQUEST, $catch = true): Response`
`28`	`30`	`{`
`29`		`- return new Response('OK Kernel '.$this->var);`
	`31`	`+ return new Response('OK Kernel (env='.$this->env.') '.$this->var);`
`30`	`32`	`}`
`31`	`33`	`}`
`32`	`34`
`33`		`-return fn (array $context) => new TestKernel($context['SOME_VAR']);`
	`35`	`+return fn (array $context) => new TestKernel($context['APP_ENV'], $context['SOME_VAR']);`