Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage is used#25823

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
fabpot merged 1 commit intosymfony:3.4fromgiovannialbero1992:3.4
Jan 18, 2018

Conversation

@giovannialbero1992
Copy link
Contributor

@giovannialbero1992giovannialbero1992 commentedJan 17, 2018
edited
Loading

QA
Branch?master for features / 3.4
Bug fix?yes
New feature?no
BC breaks?no
Deprecations?no
Tests pass?yes
Fixed tickets#25742
LicenseMIT
Doc PRnot requested

@giovannialbero1992giovannialbero1992 changed the title[Security] Notify that symfony/expression-language is not installe if ExpressionLanguage and ExpressionLanguagePrivider are used[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are usedJan 17, 2018
useSymfony\Component\ExpressionLanguage\ExpressionLanguageasBaseExpressionLanguage;

if (!class_exists('Symfony\Component\ExpressionLanguage\ExpressionLanguage')) {
thrownew \LogicException('Install symfony/expression-language');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

To be consistent with (the most) similar exceptions already in the code, what about throwing a \RuntimeException with a more precise message like "The ExpressionLanguage class requires the "ExpressionLanguage" component. Install "symfony/expression-language" to use it." ?

jvasseur reacted with thumbs up emoji
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Ok, thanks!

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Done

useSymfony\Component\ExpressionLanguage\ExpressionFunctionProviderInterface;

if (!interface_exists('Symfony\Component\ExpressionLanguage\ExpressionFunctionProviderInterface')) {
thrownew \RuntimeException('The ExpressionLanguage class requires the "ExpressionLanguage" component. Install "symfony/expression-language" to use it.');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

The name of this class is "ExpressionLanguageProvider".

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Sorry, I've done in a hurry, like a monkey with copy and paste.


if (!class_exists('Symfony\Component\ExpressionLanguage\ExpressionLanguage')) {
thrownew \RuntimeException('The ExpressionLanguage class requires the "ExpressionLanguage" component. Install "symfony/expression-language" to use it.');
}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Unfortunately this approach will not work. The class must be in the "else".

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Why ? If an exception is thrown PHP will never reach the class declaration and won't try to find the parent class.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

because PHP parses class ahead of time, we already got bitten by that in the past

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Yes some things are done ahead of time for class declarations, but in the case we have here it works without having to put the whole class in an else clause :https://3v4l.org/mELj9

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

we already merged such kind of code, and it broke, opcache involved maybe
I wouldn't take the risk another time

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

@nicolas-grekas I've modified my commit in according with your suggestions. I hope is all ok, thank you.

useSymfony\Component\ExpressionLanguage\ExpressionFunction;
useSymfony\Component\ExpressionLanguage\ExpressionFunctionProviderInterface;

if (!interface_exists('Symfony\Component\ExpressionLanguage\ExpressionFunctionProviderInterface')) {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Done really need that logic on this class? Looks superfluous to me, but I may be missing something.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

you are right, this class also used in ExpressionLanguage.

@giovannialbero1992giovannialbero1992 changed the title[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage is usedJan 17, 2018
Copy link
Member

@nicolas-grekasnicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

last changes :)

*/
class ExpressionLanguageextends BaseExpressionLanguage
{
if (!class_exists('Symfony\Component\ExpressionLanguage\ExpressionLanguage')) {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

CS comment: should use BaseExpressionLanguage::class here, and

class ExpressionLanguageextends BaseExpressionLanguage
{
if (!class_exists('Symfony\Component\ExpressionLanguage\ExpressionLanguage')) {
thrownew \RuntimeException('The ExpressionLanguage class requires the "ExpressionLanguage" component. Install "symfony/expression-language" to use it.');

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

The "%s" class, with FQCN and double quotes around, with ExpressionLanguage::class given

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

It's not the case in others similar messages (in the Serializer component for example). I guess we should harmonize them ?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Actually not: we don't harmonize such CS things because they create merge conflicts when merging lower branches into upper ones.

class ExpressionLanguageextends BaseExpressionLanguage
{
if (!class_exists(BaseExpressionLanguage::class)) {
thrownew \RuntimeException(sprintf('The "%s" class requires the "ExpressionLanguage" component. Install "symfony/expression-language" to use it.', ExpressionLanguage::class));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

👍 for this. To make the language consistent with other spots:

The "%s" class requires the "ExpressionLanguage" component. Try running "composer require symfony/expression-language".

Is there a specific time when this class is used? I mean, obviously, if you reference the class directly, it's used :). But is it if you try to use expressions inside, for example,access_control? I'm asking only because if there is a specific use-case that activates this class 99% of the time, it might be better to mention that use case (e.g. "To use expressions in access_control, you must install...") versus saying that thatExpressionLanguage class requires the component (when the user is not really interacting with this class directly, so might not be sure where this is coming from)

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I've updated the message, for the rest i don't know if in the future someone will use this class without install ExpressionLanguage.

@xabbuh
Copy link
Member

I wonder if we did that for other classes that extend classes coming from optional dependencies in the past. And if not, why should we do that now for this particular class only?

Copy link
Member

@nicolas-grekasnicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

(consistent with the experience provided by Flex)

class ExpressionLanguageextends BaseExpressionLanguage
{
if (!class_exists(BaseExpressionLanguage::class)) {
thrownew \RuntimeException(sprintf('The "%s" class requires the "ExpressionLanguage" component. Try running "composer require symfony/expression-language".', ExpressionLanguage::class));

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

\LogicException !

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

👍

…f ExpressionLanguage and ExpressionLanguagePrivider are used
@fabpot
Copy link
Member

Thank you@giovannialbero1992.

giovannialbero1992 reacted with thumbs up emoji

@fabpotfabpot merged commit6aa2b7c intosymfony:3.4Jan 18, 2018
fabpot added a commit that referenced this pull requestJan 18, 2018
…installed if ExpressionLanguage is used (giovannialbero1992)This PR was merged into the 3.4 branch.Discussion----------[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage is used| Q             | A| ------------- | ---| Branch?       | master for features / 3.4| Bug fix?      | yes| New feature?  | no| BC breaks?    | no| Deprecations? | no| Tests pass?   | yes| Fixed tickets |#25742| License       | MIT| Doc PR        | not requestedCommits-------6aa2b7c [Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
@fabpotfabpot mentioned this pull requestJan 29, 2018
@fabpotfabpot mentioned this pull requestJan 29, 2018
greg0ire added a commit to greg0ire/core that referenced this pull requestMar 28, 2018
This is broken since sf 3.4.4, seesymfony/symfony#25823One of api platforms listener depends on a file that now throws if it isloaded and the expression language component is missing. The solution isto avoid creating the service if the component is missing.This fixes an error people will have even if they do not use theaccess_control annotation attribute.
greg0ire added a commit to greg0ire/core that referenced this pull requestMar 28, 2018
This is broken since sf 3.4.4, seesymfony/symfony#25823One of api platforms listener depends on a file that now throws if it isloaded and the expression language component is missing. The solution isto avoid creating the service if the component is missing.This fixes an error people will have even if they do not use theaccess_control annotation attribute.
meyerbaptiste pushed a commit to greg0ire/core that referenced this pull requestMar 28, 2018
This is broken since sf 3.4.4, seesymfony/symfony#25823One of api platforms listener depends on a file that now throws if it isloaded and the expression language component is missing. The solution isto avoid creating the service if the component is missing.This fixes an error people will have even if they do not use theaccess_control annotation attribute.
soyuka pushed a commit to soyuka/core that referenced this pull requestMar 30, 2018
This is broken since sf 3.4.4, seesymfony/symfony#25823One of api platforms listener depends on a file that now throws if it isloaded and the expression language component is missing. The solution isto avoid creating the service if the component is missing.This fixes an error people will have even if they do not use theaccess_control annotation attribute.
soyuka pushed a commit to soyuka/core that referenced this pull requestApr 3, 2018
This is broken since sf 3.4.4, seesymfony/symfony#25823One of api platforms listener depends on a file that now throws if it isloaded and the expression language component is missing. The solution isto avoid creating the service if the component is missing.This fixes an error people will have even if they do not use theaccess_control annotation attribute.
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@weaverryanweaverryanweaverryan left review comments

@nicolas-grekasnicolas-grekasnicolas-grekas approved these changes

@fabpotfabpotfabpot approved these changes

@xabbuhxabbuhxabbuh approved these changes

+2 more reviewers

@jvasseurjvasseurjvasseur left review comments

@fancywebfancywebfancyweb left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@giovannialbero1992@xabbuh@fabpot@weaverryan@nicolas-grekas@jvasseur@fancyweb@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp