Merge branch '4.2'

nicolas-grekas · nicolas-grekas · commit fad93db07802 · 2019-02-07T19:43:24.000+01:00
* 4.2:
  fix merge
  [FrameworkBundle] fix xsd
  [FrameworkBundle] update xsd to match the 4.2 configuration
  [FrameworkBundle] Update the xsd to match the actual session configuration
  [Form] CsrfValidationListener marks the token as invalid if it is not a string
  [Routing] fix perf issue when dumping large number of routes
  Fix wrong value in file id attribute for Xliff 2.0
  [VarDumper] Fixed phpDoc
  [PhpUnitBridge] fix PHP  5.3 compat
  [Messenger] Fix DataCollector template
  [Filesystem] Fixed some docblocks and typos
  bumped Symfony version to 4.2.4
  updated VERSION for 4.2.3
  updated CHANGELOG for 4.2.3
  bumped Symfony version to 3.4.23
  updated VERSION for 3.4.22
  update CONTRIBUTORS for 3.4.22
  updated CHANGELOG for 3.4.22
  fix some minor typos
  do not overwrite the constraint being evaluated
diff --git a/Extension/Csrf/EventListener/CsrfValidationListener.php b/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -66,8 +66,10 @@ public function preSubmit(FormEvent $event)
         if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
             $data = $event->getData();
 
-            $csrfToken = new CsrfToken($this->tokenId, $data[$this->fieldName] ?? null);
-            if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid($csrfToken)) {
+            $csrfValue = \is_string($data[$this->fieldName] ?? null) ? $data[$this->fieldName] : null;
+            $csrfToken = new CsrfToken($this->tokenId, $csrfValue);
+
+            if (null === $csrfValue || !$this->tokenManager->isTokenValid($csrfToken)) {
                 $errorMessage = $this->errorMessage;
 
                 if (null !== $this->translator) {
diff --git a/Extension/Validator/Constraints/FormValidator.php b/Extension/Validator/Constraints/FormValidator.php
@@ -26,10 +26,10 @@ class FormValidator extends ConstraintValidator
     /**
      * {@inheritdoc}
      */
-    public function validate($form, Constraint $constraint)
+    public function validate($form, Constraint $formConstraint)
     {
-        if (!$constraint instanceof Form) {
-            throw new UnexpectedTypeException($constraint, __NAMESPACE__.'\Form');
+        if (!$formConstraint instanceof Form) {
+            throw new UnexpectedTypeException($formConstraint, __NAMESPACE__.'\Form');
         }
 
         if (!$form instanceof FormInterface) {
@@ -62,8 +62,8 @@ public function validate($form, Constraint $constraint)
                 // Otherwise validate a constraint only once for the first
                 // matching group
                 foreach ($groups as $group) {
-                    if (\in_array($group, $constraint->groups)) {
-                        $validator->atPath('data')->validate($form->getData(), $constraint, $group);
+                    if (\in_array($group, $formConstraint->groups)) {
+                        $validator->atPath('data')->validate($form->getData(), $formConstraint, $group);
                         if (\count($this->context->getViolations()) > 0) {
                             break;
                         }
@@ -113,7 +113,7 @@ public function validate($form, Constraint $constraint)
                     ? (string) $form->getViewData()
                     : \gettype($form->getViewData());
 
-                $this->context->setConstraint($constraint);
+                $this->context->setConstraint($formConstraint);
                 $this->context->buildViolation($config->getOption('invalid_message'))
                     ->setParameters(array_replace(['{{ value }}' => $clientDataAsString], $config->getOption('invalid_message_parameters')))
                     ->setInvalidValue($form->getViewData())
@@ -125,7 +125,7 @@ public function validate($form, Constraint $constraint)
 
         // Mark the form with an error if it contains extra fields
         if (!$config->getOption('allow_extra_fields') && \count($form->getExtraData()) > 0) {
-            $this->context->setConstraint($constraint);
+            $this->context->setConstraint($formConstraint);
             $this->context->buildViolation($config->getOption('extra_fields_message'))
                 ->setParameter('{{ extra_fields }}', '"'.implode('", "', array_keys($form->getExtraData())).'"')
                 ->setInvalidValue($form->getExtraData())
diff --git a/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php b/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
@@ -64,6 +64,16 @@ public function testStringFormData()
         $this->assertSame($data, $event->getData());
     }
 
+    public function testArrayCsrfToken()
+    {
+        $event = new FormEvent($this->form, ['csrf' => []]);
+
+        $validation = new CsrfValidationListener('csrf', $this->tokenManager, 'unknown', 'Invalid.');
+        $validation->preSubmit($event);
+
+        $this->assertNotEmpty($this->form->getErrors());
+    }
+
     public function testMaxPostSizeExceeded()
     {
         $serverParams = $this
diff --git a/Tests/Extension/Validator/Constraints/FormValidatorTest.php b/Tests/Extension/Validator/Constraints/FormValidatorTest.php
@@ -13,16 +13,20 @@
 
 use Symfony\Component\Form\CallbackTransformer;
 use Symfony\Component\Form\Exception\TransformationFailedException;
+use Symfony\Component\Form\Extension\Core\DataMapper\PropertyPathMapper;
 use Symfony\Component\Form\Extension\Validator\Constraints\Form;
 use Symfony\Component\Form\Extension\Validator\Constraints\FormValidator;
 use Symfony\Component\Form\FormBuilder;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\Form\SubmitButtonBuilder;
+use Symfony\Component\Translation\IdentityTranslator;
 use Symfony\Component\Validator\Constraints\GroupSequence;
 use Symfony\Component\Validator\Constraints\NotBlank;
 use Symfony\Component\Validator\Constraints\NotNull;
 use Symfony\Component\Validator\Constraints\Valid;
+use Symfony\Component\Validator\Context\ExecutionContext;
 use Symfony\Component\Validator\Test\ConstraintValidatorTestCase;
+use Symfony\Component\Validator\Validation;
 
 /**
  * @author Bernhard Schussek <bschussek@gmail.com>
@@ -649,6 +653,27 @@ public function getValidationGroups(FormInterface $form)
         return ['group1', 'group2'];
     }
 
+    public function testCauseForNotAllowedExtraFieldsIsTheFormConstraint()
+    {
+        $form = $this
+            ->getBuilder('form', null, ['constraints' => [new NotBlank(['groups' => ['foo']])]])
+            ->setCompound(true)
+            ->setDataMapper(new PropertyPathMapper())
+            ->getForm();
+        $form->submit([
+            'extra_data' => 'foo',
+        ]);
+
+        $context = new ExecutionContext(Validation::createValidator(), $form, new IdentityTranslator());
+        $constraint = new Form();
+
+        $this->validator->initialize($context);
+        $this->validator->validate($form, $constraint);
+
+        $this->assertCount(1, $context->getViolations());
+        $this->assertSame($constraint, $context->getViolations()->get(0)->getConstraint());
+    }
+
     private function getMockExecutionContext()
     {
         $context = $this->getMockBuilder('Symfony\Component\Validator\Context\ExecutionContextInterface')->getMock();
