prevent hash collisions caused by reused object hashes

Author: xabbuh

Extension/Validator/Constraints/FormValidator.php

@@ -25,7 +25,6 @@
 class FormValidator extends ConstraintValidator
 {
     private $resolvedGroups;
-    private $fieldFormConstraints;
 
     /**
      * {@inheritdoc}
@@ -68,7 +67,6 @@ public function validate($form, Constraint $formConstraint)
 
             if ($hasChildren && $form->isRoot()) {
                 $this->resolvedGroups = new \SplObjectStorage();
-                $this->fieldFormConstraints = [];
             }
 
             if ($groups instanceof GroupSequence) {
@@ -93,7 +91,6 @@ public function validate($form, Constraint $formConstraint)
                             $this->resolvedGroups[$field] = (array) $group;
                             $fieldFormConstraint = new Form();
                             $fieldFormConstraint->groups = $group;
-                            $this->fieldFormConstraints[] = $fieldFormConstraint;
                             $this->context->setNode($this->context->getValue(), $field, $this->context->getMetadata(), $this->context->getPropertyPath());
                             $validator->atPath(sprintf('children[%s]', $field->getName()))->validate($field, $fieldFormConstraint, $group);
                         }
@@ -139,18 +136,15 @@ public function validate($form, Constraint $formConstraint)
                 foreach ($form->all() as $field) {
                     if ($field->isSubmitted()) {
                         $this->resolvedGroups[$field] = $groups;
-                        $fieldFormConstraint = new Form();
-                        $this->fieldFormConstraints[] = $fieldFormConstraint;
                         $this->context->setNode($this->context->getValue(), $field, $this->context->getMetadata(), $this->context->getPropertyPath());
-                        $validator->atPath(sprintf('children[%s]', $field->getName()))->validate($field, $fieldFormConstraint);
+                        $validator->atPath(sprintf('children[%s]', $field->getName()))->validate($field, $formConstraint);
                     }
                 }
             }
 
             if ($hasChildren && $form->isRoot()) {
                 // destroy storage to avoid memory leaks
                 $this->resolvedGroups = new \SplObjectStorage();
-                $this->fieldFormConstraints = [];
             }
         } elseif (!$form->isSynchronized()) {
             $childrenSynchronized = true;
@@ -159,11 +153,8 @@ public function validate($form, Constraint $formConstraint)
             foreach ($form as $child) {
                 if (!$child->isSynchronized()) {
                     $childrenSynchronized = false;
-
-                    $fieldFormConstraint = new Form();
-                    $this->fieldFormConstraints[] = $fieldFormConstraint;
                     $this->context->setNode($this->context->getValue(), $child, $this->context->getMetadata(), $this->context->getPropertyPath());
-                    $validator->atPath(sprintf('children[%s]', $child->getName()))->validate($child, $fieldFormConstraint);
+                    $validator->atPath(sprintf('children[%s]', $child->getName()))->validate($child, $formConstraint);
                 }
             }
 

composer.json

@@ -27,7 +27,7 @@
     },
     "require-dev": {
         "doctrine/collections": "~1.0",
-        "symfony/validator": "^3.4.44|^4.3.4|^5.0",
+        "symfony/validator": "^4.4.17|^5.1.9",
         "symfony/dependency-injection": "^3.4|^4.0|^5.0",
         "symfony/expression-language": "^3.4|^4.0|^5.0",
         "symfony/config": "^3.4|^4.0|^5.0",