Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[SecurityBundle] fix accepting env vars in remember-me configurations#36483

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
nicolas-grekas merged 1 commit intosymfony:3.4fromzek:3.4
Apr 18, 2020

Conversation

@zek
Copy link
Contributor

@zekzek commentedApr 17, 2020

QA
Branch?3.4
Bug fix?yes
New feature?no
Deprecations?no
TicketsFix#36271
LicenseMIT
Doc PR-

As@wouterj explained we cannot use env variables after#35910 merged.

Hmm, so I'm guessing this is what happens:

  • lifetime is now anintegerNode()
  • For the Config component (which IIRC doesn't know anything about env variables), you're passing a string:"%env(int:REMEMBER_ME_COOKIE_LIFETIME)%"
  • This throws an error, although if it wouldn't, the DI component would sucessfully process the string into a integer before it's used by any PHP class.

So we either make Config aware of environment variables (that's probably a huge feature) or we revert theintegerNode() changes (as you suggested).

@HeahDude am I mislooking something, or would reverting these 2 lines not result in much harm? (only a little less strict config processor)

->booleanNode('catch_exceptions')->defaultTrue()->end()
;

// Be carefull! We should call scalarNode otherwise can't use `env variables` in configuration.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

should be removed and replaced by a non-regression test instead :)

@nicolas-grekasnicolas-grekas changed the title[Security] Revert Changes that causes bug[Security] fix accepting env vars in remember_me configurationsApr 18, 2020
@nicolas-grekasnicolas-grekas changed the title[Security] fix accepting env vars in remember_me configurations[Security] fix accepting env vars in remember-me configurationsApr 18, 2020
@nicolas-grekasnicolas-grekas changed the title[Security] fix accepting env vars in remember-me configurations[SecurityBundle] fix accepting env vars in remember-me configurationsApr 18, 2020
@nicolas-grekas
Copy link
Member

Thank you@zek.

zek reacted with hooray emoji

@nicolas-grekasnicolas-grekas merged commita347a84 intosymfony:3.4Apr 18, 2020
This was referencedApr 28, 2020
@zekzek deleted the 3.4 branchJune 22, 2020 12:15
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@nicolas-grekasnicolas-grekasnicolas-grekas left review comments

Assignees

No one assigned

Projects

None yet

Milestone

3.4

Development

Successfully merging this pull request may close these issues.

3 participants

@zek@nicolas-grekas@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp