Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[HttpFoundation] change precedence of parameters in Request::get#16076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
fabpot merged 1 commit intosymfony:masterfromTobion:request-get-priority
Oct 5, 2015

Conversation

Tobion
Copy link
Contributor

QA
Bug fix?no
New feature?no
BC breaks?yes
Deprecations?no
Tests pass?yes
Fixed tickets-
LicenseMIT
Doc PR-

Allowing the request attributes to be overwritten via GET parameters is risky and made#8966 even worse.
It is even more risky because it skips the requirements checks as configured in routing. So people that set requirements for routing placeholders like\d+ orhtml|json can be sure it is validated when using the routing variables. But if developers use$request->get() to retrieve them, anybody from outside can set any value for those.

*
* Avoid using this method in controllers:
*
* * slow
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

this is not relevant anymore with the removal ofdeep and also since the refactoring in#12369

@Tobion
Copy link
ContributorAuthor

An alternative would be to deprecateget and instead introduce a new method likegetParam with the new precedence. This way there would be an upgrade path.

@fabpot
Copy link
Member

@Tobion I think this PR is fine without introducing another method.

👍

@fabpot
Copy link
Member

Thank you@Tobion.

@fabpotfabpot merged commite8d6764 intosymfony:masterOct 5, 2015
fabpot added a commit that referenced this pull requestOct 5, 2015
…quest::get (Tobion)This PR was merged into the 3.0-dev branch.Discussion----------[HttpFoundation] change precedence of parameters in Request::get| Q             | A| ------------- | ---| Bug fix?      | no| New feature?  | no| BC breaks?    | yes| Deprecations? | no| Tests pass?   | yes| Fixed tickets | -| License       | MIT| Doc PR        | -Allowing the request attributes to be overwritten via GET parameters is risky and made#8966 even worse.It is even more risky because it skips the requirements checks as configured in routing. So people that set requirements for routing placeholders like `\d+` or `html|json` can be sure it is validated when using the routing variables. But if developers use `$request->get()` to retrieve them, anybody from outside can set any value for those.Commits-------e8d6764 [HttpFoundation] change precedence of parameters in Request::get
@TobionTobion deleted the request-get-priority branchOctober 5, 2015 11:50
@fabpotfabpot mentioned this pull requestNov 16, 2015
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

3 participants
@Tobion@fabpot@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp