Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[DI] Fix reading env vars from fastcgi params#23899
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Merged
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
ro0NL approved these changesAug 16, 2017
d829791 to8477c91CompareMemberAuthor
nicolas-grekas commentedAug 17, 2017
Merging to unlock other PRs. |
nicolas-grekas added a commit that referenced this pull requestAug 17, 2017
…kas)This PR was merged into the 3.3 branch.Discussion----------[DI] Fix reading env vars from fastcgi params| Q | A| ------------- | ---| Branch? | 3.3| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets |#23348| License | MIT| Doc PR | -Values in fastcgi_param populate `$_SERVER`, never `$_ENV`.This PR makes `$container->getEnv()` read from `$_SERVER`, excluding any vars whose name start by `HTTP_` as that would be a security issue (values injection via HTTP headers.)Embeds a few other fixes found meanwhile.Commits-------adff65a [DI] Fix reading env vars from fastcgi params
Merged
fabpot added a commit that referenced this pull requestSep 7, 2017
This PR was merged into the 3.4 branch.Discussion----------[DI] Allow processing env vars| Q | A| ------------- | ---| Branch? | 3.4| Bug fix? | no| New feature? | yes| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets | see description| License | MIT| Doc PR | -This PR is an updated version of#20276 ~~(it embeds#23899 for now.)~~It superscedes/closes:- [DI] Add support for secrets#23621 ping@dunglas- Runtime container parameter not found event filter#23669 ping@marfillaster- [DependencyInjection] [DX] Support for JSON string environment variables#23823 ping@Pierstoval- add support for composite environment variables#17689 ping@greg0ire- [DI] ENV parameters at runtime with PHP 7 strict types not working properly#20434 ping@sandrokeil- Issue when using a SQLite database and the DATABASE_URL env var#23527 ping@javiereguiluz#22151 is another story, so not fixed here.The way it works is via `%env(foo:BAR)%` prefixes, where "foo" can be bound to any services you'd like.By default, the following prefixes are supported:- `bool`, `int`, `float`, `string`, `base64`- `const` (for referencing PHP constants)- `json` (supporting only json **arrays** for type predictability)- `file` (eg for access to secrets stored in files.)- `resolve` (for processing parameters inside env vars.)New prefixes can be added by implementing the new `EnvProviderInterface`, and tagging with `container.env_provider` (see `Rot13EnvProvider` in tests.)Prefixes can be combined to chain processing, eg.`%env(json:base64:file:FOO)%` will be roughly equivalent to`json_decode(base64_decode(file_get_content(getenv('FOO'))))`.Commits-------1f92e45 [DI] Allow processing env vars
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Values in fastcgi_param populate
$_SERVER, never$_ENV.This PR makes
$container->getEnv()read from$_SERVER, excluding any vars whose name start byHTTP_as that would be a security issue (values injection via HTTP headers.)Embeds a few other fixes found meanwhile.