NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

[Intl] Fixed directory traversal in emoji compression tool#51030

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Merged

nicolas-grekas merged 1 commit intosymfony:6.3fromrlandgrebe:ticket_51029

Jul 20, 2023

Merged

[Intl] Fixed directory traversal in emoji compression tool#51030

nicolas-grekas merged 1 commit intosymfony:6.3fromrlandgrebe:ticket_51029

Jul 20, 2023

Conversation

Copy link

Contributor

rlandgrebe commentedJul 19, 2023

When using the compression tool, the emoji data is not compressed properly due to directory traversal issues. It only goes one level deep in the `data' directory.

Q	A
Branch?	6.3
Bug fix?	yes
New feature?	no
Deprecations?	no
Tickets	Fix#51029
License	MIT
Doc PR

carsonbot added Status: Needs Review Bug Intl labels

Jul 19, 2023

carsonbot added this to the6.3 milestone

Jul 19, 2023

Copy link

carsonbot commentedJul 19, 2023

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has acontribution guide which I suggest you to read.

In short:

Always add tests
Keep backward compatibility (seehttps://symfony.com/bc).
Bug fixes must be submitted against the lowest maintained branch where they apply (seehttps://symfony.com/releases)
Features and deprecations must be submitted against the 6.4 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

Copy link

carsonbot commentedJul 19, 2023

It looks like you unchecked the "Allow edits from maintainer" box. That is fine, but please note that if you have multiple commits, you'll need to squash your commits into one before this can be merged. Or, you can check the "Allow edits from maintainers" box and the maintainer can squash for you.

Cheers!

Carsonbot

nicolas-grekas reviewed

Jul 20, 2023

View reviewed changes

src/Symfony/Component/Intl/Resources/bin/compress Outdated

Comment on lines 20 to 27

		$file_iterator =newRecursiveIteratorIterator(
		newRecursiveDirectoryIterator(
		dirname(__DIR__).'/data',
		FilesystemIterator::CURRENT_AS_FILEINFO \| FilesystemIterator::SKIP_DOTS
		)
		);

		foreach ($file_iteratoras$file) {

Copy link

Member

nicolas-grekasJul 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

we use camelCase for variables:

Suggested change

	$file_iterator = new RecursiveIteratorIterator(
	new RecursiveDirectoryIterator(
	dirname(__DIR__).'/data',
	FilesystemIterator::CURRENT_AS_FILEINFO \| FilesystemIterator::SKIP_DOTS
	)
	);

	foreach ($file_iterator as $file) {
	$iterator = new RecursiveIteratorIterator(
	new RecursiveDirectoryIterator(
	dirname(__DIR__).'/data',
	FilesystemIterator::CURRENT_AS_FILEINFO \| FilesystemIterator::SKIP_DOTS
	)
	);

	foreach ($iterator as $file) {

Copy link

Member

nicolas-grekas commentedJul 20, 2023

Thanks for the update. Can you please squash the two commits in one? I would have done it but "Allow edits from maintainer" is disabled so I can't.

[Intl] Fixed directory traversal in emoji compression tool

da26542

When using the compression tool, the emoji data is not compressed properly due to directory traversal issues. It only goes one level deep in the `data' directory.