broadcoder
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/web.php
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/web.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/UriSigner.php
Lines changed: 4 additions & 3 deletions b/‎src/Symfony/Component/HttpFoundation/UriSigner.php
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Attribute/AsController.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpKernel/Attribute/AsController.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpKernel/CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Component/HttpKernel/CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Controller/ControllerResolver.php
Lines changed: 82 additions & 5 deletions b/‎src/Symfony/Component/HttpKernel/Controller/ControllerResolver.php
Lines changed: 82 additions & 5 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/Controller/ControllerResolverTest.php
Lines changed: 68 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/Controller/ControllerResolverTest.php
Lines changed: 68 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/EventListener/FragmentListenerTest.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpKernel/Tests/EventListener/FragmentListenerTest.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Mailer/Bridge/Brevo/Webhook/BrevoRequestParser.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Mailer/Bridge/Brevo/Webhook/BrevoRequestParser.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Mailer/Bridge/Mailgun/Webhook/MailgunRequestParser.php
Lines changed: 7 additions & 2 deletions b/‎src/Symfony/Component/Mailer/Bridge/Mailgun/Webhook/MailgunRequestParser.php
Lines changed: 7 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Mailer/Bridge/Mailjet/Webhook/MailjetRequestParser.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Mailer/Bridge/Mailjet/Webhook/MailjetRequestParser.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Mailer/Bridge/Postmark/Webhook/PostmarkRequestParser.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Mailer/Bridge/Postmark/Webhook/PostmarkRequestParser.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Mailer/Bridge/Sendgrid/Webhook/SendgridRequestParser.php
Lines changed: 7 additions & 6 deletions b/‎src/Symfony/Component/Mailer/Bridge/Sendgrid/Webhook/SendgridRequestParser.php
Lines changed: 7 additions & 6 deletions
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
 
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Bundle\FrameworkBundle\Controller\ControllerResolver;
 use Symfony\Component\HttpKernel\Controller\ArgumentResolver;
 use Symfony\Component\HttpKernel\Controller\ArgumentResolver\BackedEnumValueResolver;
@@ -40,6 +41,7 @@
                 service('service_container'),
                 service('logger')->ignoreOnInvalid(),
             ])
+            ->call('allowControllers', [[AbstractController::class]])
             ->tag('monolog.logger', ['channel' => 'request'])
 
         ->set('argument_metadata_factory', ArgumentMetadataFactory::class)
 
@@ -12,8 +12,6 @@
 namespace Symfony\Component\HttpFoundation;
 
 /**
- * Signs URIs.
- *
  * @author Fabien Potencier <fabien@symfony.com>
  */
 class UriSigner
@@ -22,11 +20,14 @@ class UriSigner
     private string $parameter;
 
     /**
-     * @param string $secret    A secret
      * @param string $parameter Query string parameter to use
      */
     public function __construct(#[\SensitiveParameter] string $secret, string $parameter = '_hash')
     {
+        if (!$secret) {
+            throw new \InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $this->secret = $secret;
         $this->parameter = $parameter;
     }
 
@@ -18,7 +18,7 @@
  * This enables injecting services as method arguments in addition
  * to other conventional dependency injection strategies.
  */
-#[\Attribute(\Attribute::TARGET_CLASS)]
+#[\Attribute(\Attribute::TARGET_CLASS | \Attribute::TARGET_FUNCTION)]
 class AsController
 {
     public function __construct()
 
@@ -34,6 +34,7 @@ CHANGELOG
  * Deprecate `FileLinkFormatter`, use `FileLinkFormatter` from the ErrorHandler component instead
  * Add argument `$buildDir` to `WarmableInterface`
  * Add argument `$filter` to `Profiler::find()` and `FileProfilerStorage::find()`
+ * Add `ControllerResolver::allowControllers()` to define which callables are legit controllers when the `_check_controller_is_allowed` request attribute is set
 
 6.3
 ---
 
@@ -12,7 +12,9 @@
 namespace Symfony\Component\HttpKernel\Controller;
 
 use Psr\Log\LoggerInterface;
+use Symfony\Component\HttpFoundation\Exception\BadRequestException;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Attribute\AsController;
 
 /**
  * This implementation uses the '_controller' request attribute to determine
@@ -24,12 +26,32 @@
 class ControllerResolver implements ControllerResolverInterface
 {
     private ?LoggerInterface $logger;
+    private array $allowedControllerTypes = [];
+    private array $allowedControllerAttributes = [AsController::class => AsController::class];
 
     public function __construct(LoggerInterface $logger = null)
     {
         $this->logger = $logger;
     }
 
+    /**
+     * @param array<class-string> $types
+     * @param array<class-string> $attributes
+     */
+    public function allowControllers(array $types = [], array $attributes = []): void
+    {
+        foreach ($types as $type) {
+            $this->allowedControllerTypes[$type] = $type;
+        }
+
+        foreach ($attributes as $attribute) {
+            $this->allowedControllerAttributes[$attribute] = $attribute;
+        }
+    }
+
+    /**
+     * @throws BadRequestException when the request has attribute "_check_controller_is_allowed" set to true and the controller is not allowed
+     */
     public function getController(Request $request): callable|false
     {
         if (!$controller = $request->attributes->get('_controller')) {
@@ -44,7 +66,7 @@ public function getController(Request $request): callable|false
                     $controller[0] = $this->instantiateController($controller[0]);
                 } catch (\Error|\LogicException $e) {
                     if (\is_callable($controller)) {
-                        return $controller;
+                        return $this->checkController($request, $controller);
                     }
 
                     throw $e;
@@ -55,19 +77,19 @@ public function getController(Request $request): callable|false
                 throw new \InvalidArgumentException(sprintf('The controller for URI "%s" is not callable: ', $request->getPathInfo()).$this->getControllerError($controller));
             }
 
-            return $controller;
+            return $this->checkController($request, $controller);
         }
 
         if (\is_object($controller)) {
             if (!\is_callable($controller)) {
                 throw new \InvalidArgumentException(sprintf('The controller for URI "%s" is not callable: ', $request->getPathInfo()).$this->getControllerError($controller));
             }
 
-            return $controller;
+            return $this->checkController($request, $controller);
         }
 
         if (\function_exists($controller)) {
-            return $controller;
+            return $this->checkController($request, $controller);
         }
 
         try {
@@ -80,7 +102,7 @@ public function getController(Request $request): callable|false
             throw new \InvalidArgumentException(sprintf('The controller for URI "%s" is not callable: ', $request->getPathInfo()).$this->getControllerError($callable));
         }
 
-        return $callable;
+        return $this->checkController($request, $callable);
     }
 
     /**
@@ -199,4 +221,59 @@ private function getClassMethodsWithoutMagicMethods($classOrObject): array
 
         return array_filter($methods, fn (string $method) => 0 !== strncmp($method, '__', 2));
     }
+
+    private function checkController(Request $request, callable $controller): callable
+    {
+        if (!$request->attributes->get('_check_controller_is_allowed', false)) {
+            return $controller;
+        }
+
+        $r = null;
+
+        if (\is_array($controller)) {
+            [$class, $name] = $controller;
+            $name = (\is_string($class) ? $class : $class::class).'::'.$name;
+        } elseif (\is_object($controller) && !$controller instanceof \Closure) {
+            $class = $controller;
+            $name = $class::class.'::__invoke';
+        } else {
+            $r = new \ReflectionFunction($controller);
+            $name = $r->name;
+
+            if (str_contains($name, '{closure}')) {
+                $name = $class = \Closure::class;
+            } elseif ($class = \PHP_VERSION_ID >= 80111 ? $r->getClosureCalledClass() : $r->getClosureScopeClass()) {
+                $class = $class->name;
+                $name = $class.'::'.$name;
+            }
+        }
+
+        if ($class) {
+            foreach ($this->allowedControllerTypes as $type) {
+                if (is_a($class, $type, true)) {
+                    return $controller;
+                }
+            }
+        }
+
+        $r ??= new \ReflectionClass($class);
+
+        foreach ($r->getAttributes() as $attribute) {
+            if (isset($this->allowedControllerAttributes[$attribute->getName()])) {
+                return $controller;
+            }
+        }
+
+        if (str_contains($name, '@anonymous')) {
+            $name = preg_replace_callback('/[a-zA-Z_\x7f-\xff][\\\\a-zA-Z0-9_\x7f-\xff]*+@anonymous\x00.*?\.php(?:0x?|:[0-9]++\$)[0-9a-fA-F]++/', fn ($m) => class_exists($m[0], false) ? (get_parent_class($m[0]) ?: key(class_implements($m[0])) ?: 'class').'@anonymous' : $m[0], $name);
+        }
+
+        if (-1 === $request->attributes->get('_check_controller_is_allowed')) {
+            trigger_deprecation('symfony/http-kernel', '6.4', 'Callable "%s()" is not allowed as a controller. Did you miss tagging it with "#[AsController]" or registering its type with "%s::allowControllers()"?', $name, self::class);
+
+            return $controller;
+        }
+
+        throw new BadRequestException(sprintf('Callable "%s()" is not allowed as a controller. Did you miss tagging it with "#[AsController]" or registering its type with "%s::allowControllers()"?', $name, self::class));
+    }
 }
@@ -70,6 +70,7 @@ public function onKernelRequest(RequestEvent $event): void
         }
 
         parse_str($request->query->get('_path', ''), $attributes);
+        $attributes['_check_controller_is_allowed'] = -1; // @deprecated, switch to true in Symfony 7
         $request->attributes->add($attributes);
         $request->attributes->set('_route_params', array_replace($request->attributes->get('_route_params', []), $attributes));
         $request->query->remove('_path');
 
@@ -13,7 +13,9 @@
 
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\HttpFoundation\Exception\BadRequestException;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Attribute\AsController;
 use Symfony\Component\HttpKernel\Controller\ControllerResolver;
 
 class ControllerResolverTest extends TestCase
@@ -185,12 +187,77 @@ public static function getUndefinedControllers()
         ];
     }
 
+    public function testAllowedControllerTypes()
+    {
+        $resolver = $this->createControllerResolver();
+
+        $request = Request::create('/');
+        $controller = new ControllerTest();
+        $request->attributes->set('_controller', [$controller, 'publicAction']);
+        $request->attributes->set('_check_controller_is_allowed', true);
+
+        try {
+            $resolver->getController($request);
+            $this->expectException(BadRequestException::class);
+        } catch (BadRequestException) {
+            // expected
+        }
+
+        $resolver->allowControllers(types: [ControllerTest::class]);
+
+        $this->assertSame([$controller, 'publicAction'], $resolver->getController($request));
+
+        $request->attributes->set('_controller', $action = $controller->publicAction(...));
+        $this->assertSame($action, $resolver->getController($request));
+    }
+
+    public function testAllowedControllerAttributes()
+    {
+        $resolver = $this->createControllerResolver();
+
+        $request = Request::create('/');
+        $controller = some_controller_function(...);
+        $request->attributes->set('_controller', $controller);
+        $request->attributes->set('_check_controller_is_allowed', true);
+
+        try {
+            $resolver->getController($request);
+            $this->expectException(BadRequestException::class);
+        } catch (BadRequestException) {
+            // expected
+        }
+
+        $resolver->allowControllers(attributes: [DummyController::class]);
+
+        $this->assertSame($controller, $resolver->getController($request));
+
+        $controller = some_controller_function::class;
+        $request->attributes->set('_controller', $controller);
+        $this->assertSame($controller, $resolver->getController($request));
+    }
+
+    public function testAllowedAsControllerAttribute()
+    {
+        $resolver = $this->createControllerResolver();
+
+        $request = Request::create('/');
+        $controller = new InvokableController();
+        $request->attributes->set('_controller', [$controller, '__invoke']);
+        $request->attributes->set('_check_controller_is_allowed', true);
+
+        $this->assertSame([$controller, '__invoke'], $resolver->getController($request));
+
+        $request->attributes->set('_controller', $controller);
+        $this->assertSame($controller, $resolver->getController($request));
+    }
+
     protected function createControllerResolver(LoggerInterface $logger = null)
     {
         return new ControllerResolver($logger);
     }
 }
 
+#[DummyController]
 function some_controller_function($foo, $foobar)
 {
 }
@@ -223,6 +290,7 @@ public static function staticAction()
     }
 }
 
+#[AsController]
 class InvokableController
 {
     public function __invoke($foo, $bar = null)
 
@@ -83,7 +83,7 @@ public function testWithSignature()
 
         $listener->onKernelRequest($event);
 
-        $this->assertEquals(['foo' => 'bar', '_controller' => 'foo'], $request->attributes->get('_route_params'));
+        $this->assertEquals(['foo' => 'bar', '_controller' => 'foo', '_check_controller_is_allowed' => -1], $request->attributes->get('_route_params'));
         $this->assertFalse($request->query->has('_path'));
     }
 
 
@@ -41,7 +41,7 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?AbstractMailerEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent
     {
         $content = $request->toArray();
         if (
 
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcherInterface;
 use Symfony\Component\Mailer\Bridge\Mailgun\RemoteEvent\MailgunPayloadConverter;
+use Symfony\Component\Mailer\Exception\InvalidArgumentException;
 use Symfony\Component\RemoteEvent\Event\Mailer\AbstractMailerEvent;
 use Symfony\Component\RemoteEvent\Exception\ParseException;
 use Symfony\Component\Webhook\Client\AbstractRequestParser;
@@ -37,8 +38,12 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?AbstractMailerEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $content = $request->toArray();
         if (
             !isset($content['signature']['timestamp'])
@@ -60,7 +65,7 @@ protected function doParse(Request $request, string $secret): ?AbstractMailerEve
         }
     }
 
-    private function validateSignature(array $signature, string $secret): void
+    private function validateSignature(array $signature, #[\SensitiveParameter] string $secret): void
     {
         // see https://documentation.mailgun.com/en/latest/user_manual.html#webhooks-1
         if (!hash_equals($signature['signature'], hash_hmac('sha256', $signature['timestamp'].$signature['token'], $secret))) {
 
@@ -37,7 +37,7 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?AbstractMailerEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent
     {
         try {
             return $this->converter->convert($request->toArray());
 
@@ -41,7 +41,7 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?AbstractMailerEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent
     {
         $payload = $request->toArray();
         if (
 
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcherInterface;
 use Symfony\Component\Mailer\Bridge\Sendgrid\RemoteEvent\SendgridPayloadConverter;
+use Symfony\Component\Mailer\Exception\InvalidArgumentException;
 use Symfony\Component\RemoteEvent\Event\Mailer\AbstractMailerEvent;
 use Symfony\Component\RemoteEvent\Exception\ParseException;
 use Symfony\Component\Webhook\Client\AbstractRequestParser;
@@ -86,12 +87,12 @@ protected function doParse(Request $request, string $secret): ?AbstractMailerEve
      *
      * @see https://docs.sendgrid.com/for-developers/tracking-events/getting-started-event-webhook-security-features
      */
-    private function validateSignature(
-        string $signature,
-        string $timestamp,
-        string $payload,
-        string $secret,
-    ): void {
+    private function validateSignature(string $signature, string $timestamp, string $payload, #[\SensitiveParameter] string $secret): void
+    {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $timestampedPayload = $timestamp.$payload;
 
         // Sendgrid provides the verification key as base64-encoded DER data. Openssl wants a PEM format, which is a multiline version of the base64 data.
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`* This enables injecting services as method arguments in addition`
`19`	`19`	`* to other conventional dependency injection strategies.`
`20`	`20`	`*/`
`21`		`-#[\Attribute(\Attribute::TARGET_CLASS)]`
	`21`	`+#[\Attribute(\Attribute::TARGET_CLASS \| \Attribute::TARGET_FUNCTION)]`
`22`	`22`	`class AsController`
`23`	`23`	`{`
`24`	`24`	`public function __construct()`
Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ public function onKernelRequest(RequestEvent $event): void`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`parse_str($request->query->get('_path', ''), $attributes);`
	`73`	`+ $attributes['_check_controller_is_allowed'] = -1; // @deprecated, switch to true in Symfony 7`
`73`	`74`	`$request->attributes->add($attributes);`
`74`	`75`	`$request->attributes->set('_route_params', array_replace($request->attributes->get('_route_params', []), $attributes));`
`75`	`76`	`$request->query->remove('_path');`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ public function testWithSignature()`
`83`	`83`
`84`	`84`	`$listener->onKernelRequest($event);`
`85`	`85`
`86`		`- $this->assertEquals(['foo' => 'bar', '_controller' => 'foo'], $request->attributes->get('_route_params'));`
	`86`	`+ $this->assertEquals(['foo' => 'bar', '_controller' => 'foo', '_check_controller_is_allowed' => -1], $request->attributes->get('_route_params'));`
`87`	`87`	`$this->assertFalse($request->query->has('_path'));`
`88`	`88`	`}`
`89`	`89`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ protected function getRequestMatcher(): RequestMatcherInterface`
`41`	`41`	`]);`
`42`	`42`	`}`
`43`	`43`
`44`		`- protected function doParse(Request $request, string $secret): ?AbstractMailerEvent`
	`44`	`+ protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent`
`45`	`45`	`{`
`46`	`46`	`$content = $request->toArray();`
`47`	`47`	`if (`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;`
`18`	`18`	`use Symfony\Component\HttpFoundation\RequestMatcherInterface;`
`19`	`19`	`use Symfony\Component\Mailer\Bridge\Mailgun\RemoteEvent\MailgunPayloadConverter;`
	`20`	`+use Symfony\Component\Mailer\Exception\InvalidArgumentException;`
`20`	`21`	`use Symfony\Component\RemoteEvent\Event\Mailer\AbstractMailerEvent;`
`21`	`22`	`use Symfony\Component\RemoteEvent\Exception\ParseException;`
`22`	`23`	`use Symfony\Component\Webhook\Client\AbstractRequestParser;`
`@@ -37,8 +38,12 @@ protected function getRequestMatcher(): RequestMatcherInterface`
`37`	`38`	`]);`
`38`	`39`	`}`
`39`	`40`
`40`		`- protected function doParse(Request $request, string $secret): ?AbstractMailerEvent`
	`41`	`+ protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent`
`41`	`42`	`{`
	`43`	`+ if (!$secret) {`
	`44`	`+ throw new InvalidArgumentException('A non-empty secret is required.');`
	`45`	`+ }`
	`46`	`+`
`42`	`47`	`$content = $request->toArray();`
`43`	`48`	`if (`
`44`	`49`	`!isset($content['signature']['timestamp'])`
`@@ -60,7 +65,7 @@ protected function doParse(Request $request, string $secret): ?AbstractMailerEve`
`60`	`65`	`}`
`61`	`66`	`}`
`62`	`67`
`63`		`- private function validateSignature(array $signature, string $secret): void`
	`68`	`+ private function validateSignature(array $signature, #[\SensitiveParameter] string $secret): void`
`64`	`69`	`{`
`65`	`70`	`// see https://documentation.mailgun.com/en/latest/user_manual.html#webhooks-1`
`66`	`71`	`if (!hash_equals($signature['signature'], hash_hmac('sha256', $signature['timestamp'].$signature['token'], $secret))) {`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ protected function getRequestMatcher(): RequestMatcherInterface`
`37`	`37`	`]);`
`38`	`38`	`}`
`39`	`39`
`40`		`- protected function doParse(Request $request, string $secret): ?AbstractMailerEvent`
	`40`	`+ protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent`
`41`	`41`	`{`
`42`	`42`	`try {`
`43`	`43`	`return $this->converter->convert($request->toArray());`