Merge branch '5.4' into 6.0

nicolas-grekas · nicolas-grekas · commit 47f2aa677a96 · 2022-06-19T15:16:44.000+02:00
* 5.4:
  Exclude from baseline generation deprecations triggered in legacy test
  [HttpFoundation] Update "[Session] Overwrite invalid session id" to only validate when files session storage is used
  [DoctrineBridge] Add missing break
  [FrameworkBundle] Lower JsonSerializableNormalizer priority
diff --git a/Session/Storage/NativeSessionStorage.php b/Session/Storage/NativeSessionStorage.php
@@ -136,7 +136,7 @@ public function start(): bool
         }
 
         $sessionId = $_COOKIE[session_name()] ?? null;
-        if ($sessionId && !preg_match('/^[a-zA-Z0-9,-]{22,}$/', $sessionId)) {
+        if ($sessionId && $this->saveHandler instanceof AbstractProxy && 'files' === $this->saveHandler->getSaveHandlerName() && !preg_match('/^[a-zA-Z0-9,-]{22,}$/', $sessionId)) {
             // the session ID in the header is invalid, create a new one
             session_id(session_create_id());
         }
diff --git a/Tests/Session/Storage/NativeSessionStorageTest.php b/Tests/Session/Storage/NativeSessionStorageTest.php
@@ -284,12 +284,31 @@ public function testGetBagsOnceSessionStartedIsIgnored()
         $this->assertEquals($storage->getBag('flashes'), $bag);
     }
 
-    public function testRegenerateInvalidSessionId()
+    public function testRegenerateInvalidSessionIdForNativeFileSessionHandler()
     {
         $_COOKIE[session_name()] = '&~[';
-        $started = (new NativeSessionStorage())->start();
+        session_id('&~[');
+        $storage = new NativeSessionStorage([], new NativeFileSessionHandler());
+        $started = $storage->start();
 
         $this->assertTrue($started);
         $this->assertMatchesRegularExpression('/^[a-zA-Z0-9,-]{22,}$/', session_id());
+        $storage->save();
+
+        $_COOKIE[session_name()] = '&~[';
+        session_id('&~[');
+        $storage = new NativeSessionStorage([], new SessionHandlerProxy(new NativeFileSessionHandler()));
+        $started = $storage->start();
+
+        $this->assertTrue($started);
+        $this->assertMatchesRegularExpression('/^[a-zA-Z0-9,-]{22,}$/', session_id());
+        $storage->save();
+
+        $_COOKIE[session_name()] = '&~[';
+        session_id('&~[');
+        $storage = new NativeSessionStorage([], new NullSessionHandler());
+        $started = $storage->start();
+        $this->assertTrue($started);
+        $this->assertSame('&~[', session_id());
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -136,7 +136,7 @@ public function start(): bool`
`136`	`136`	`}`
`137`	`137`
`138`	`138`	`$sessionId = $_COOKIE[session_name()] ?? null;`
`139`		`- if ($sessionId && !preg_match('/^[a-zA-Z0-9,-]{22,}$/', $sessionId)) {`
	`139`	`+ if ($sessionId && $this->saveHandler instanceof AbstractProxy && 'files' === $this->saveHandler->getSaveHandlerName() && !preg_match('/^[a-zA-Z0-9,-]{22,}$/', $sessionId)) {`
`140`	`140`	`// the session ID in the header is invalid, create a new one`
`141`	`141`	`session_id(session_create_id());`
`142`	`142`	`}`