Merge branch '6.3' into 6.4

xabbuh · xabbuh · commit 9a1a42e9b57f · 2023-11-06T12:00:25.000+01:00
* 6.3:
  fix tests
  Remove full DSNs from exception messages
  [Yaml] Fix uid binary parsing
  Disable the "Copy as cURL" button when the debug info are disabled
  [HttpClient] Replace `escapeshellarg` to prevent overpassing `ARG_MAX`
  [HttpKernel] Preventing error 500 when function putenv is disabled
  [PasswordHasher][Tests] Do not invoke methods with additional arguments in tests
  remove invalid group
  Fix block scalar array parsing
diff --git a/src/Symfony/Component/Form/Tests/Resources/TranslationFilesTest.php b/src/Symfony/Component/Form/Tests/Resources/TranslationFilesTest.php
@@ -31,8 +31,6 @@ public function testTranslationFileIsValid($filePath)
 
     /**
      * @dataProvider provideTranslationFiles
-     *
-     * @group Legacy
      */
     public function testTranslationFileIsValidWithoutEntityLoader($filePath)
     {
diff --git a/src/Symfony/Component/HttpClient/DataCollector/HttpClientDataCollector.php b/src/Symfony/Component/HttpClient/DataCollector/HttpClientDataCollector.php
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\DataCollector\DataCollector;
 use Symfony\Component\HttpKernel\DataCollector\LateDataCollectorInterface;
+use Symfony\Component\Process\Process;
 use Symfony\Component\VarDumper\Caster\ImgStub;
 
 /**
@@ -193,27 +194,14 @@ private function getCurlCommand(array $trace): ?string
         $dataArg = [];
 
         if ($json = $trace['options']['json'] ?? null) {
-            if (!$this->argMaxLengthIsSafe($payload = self::jsonEncode($json))) {
-                return null;
-            }
-            $dataArg[] = '--data '.escapeshellarg($payload);
+            $dataArg[] = '--data-raw '.$this->escapePayload(self::jsonEncode($json));
         } elseif ($body = $trace['options']['body'] ?? null) {
             if (\is_string($body)) {
-                if (!$this->argMaxLengthIsSafe($body)) {
-                    return null;
-                }
-                try {
-                    $dataArg[] = '--data '.escapeshellarg($body);
-                } catch (\ValueError) {
-                    return null;
-                }
+                $dataArg[] = '--data-raw '.$this->escapePayload($body);
             } elseif (\is_array($body)) {
                 $body = explode('&', self::normalizeBody($body));
                 foreach ($body as $value) {
-                    if (!$this->argMaxLengthIsSafe($payload = urldecode($value))) {
-                        return null;
-                    }
-                    $dataArg[] = '--data '.escapeshellarg($payload);
+                    $dataArg[] = '--data-raw '.$this->escapePayload(urldecode($value));
                 }
             } else {
                 return null;
@@ -230,6 +218,11 @@ private function getCurlCommand(array $trace): ?string
                 break;
             }
 
+            if (str_starts_with('Due to a bug in curl ', $line)) {
+                // When the curl client disables debug info due to a curl bug, we cannot build the command.
+                return null;
+            }
+
             if ('' === $line || preg_match('/^[*<]|(Host: )/', $line)) {
                 continue;
             }
@@ -250,13 +243,18 @@ private function getCurlCommand(array $trace): ?string
         return implode(" \\\n  ", $command);
     }
 
-    /**
-     * Let's be defensive : we authorize only size of 8kio on Windows for escapeshellarg() argument to avoid a fatal error.
-     *
-     * @see https://github.com/php/php-src/blob/9458f5f2c8a8e3d6c65cc181747a5a75654b7c6e/ext/standard/exec.c#L397
-     */
-    private function argMaxLengthIsSafe(string $payload): bool
+    private function escapePayload(string $payload): string
     {
-        return \strlen($payload) < ('\\' === \DIRECTORY_SEPARATOR ? 8100 : 256000);
+        static $useProcess;
+
+        if ($useProcess ??= class_exists(Process::class)) {
+            return (new Process([$payload]))->getCommandLine();
+        }
+
+        if ('\\' === \DIRECTORY_SEPARATOR) {
+            return '"'.str_replace('"', '""', $payload).'"';
+        }
+
+        return "'".str_replace("'", "'\\''", $payload)."'";
     }
 }
diff --git a/src/Symfony/Component/HttpClient/Tests/DataCollector/HttpClientDataCollectorTest.php b/src/Symfony/Component/HttpClient/Tests/DataCollector/HttpClientDataCollectorTest.php
@@ -248,7 +248,7 @@ public static function provideCurlRequests(): iterable
   --header %1$sContent-Type: application/x-www-form-urlencoded%1$s \\
   --header %1$sAccept-Encoding: gzip%1$s \\
   --header %1$sUser-Agent: Symfony HttpClient (Native)%1$s \\
-  --data %1$sfoobarbaz%1$s',
+  --data-raw %1$sfoobarbaz%1$s',
         ];
         yield 'POST with array body' => [
             [
@@ -286,7 +286,7 @@ public function __toString(): string
   --header %1$sContent-Length: 211%1$s \\
   --header %1$sAccept-Encoding: gzip%1$s \\
   --header %1$sUser-Agent: Symfony HttpClient (Native)%1$s \\
-  --data %1$sfoo=fooval%1$s --data %1$sbar=barval%1$s --data %1$sbaz=bazval%1$s --data %1$sfoobar[baz]=bazval%1$s --data %1$sfoobar[qux]=quxval%1$s --data %1$sbazqux[0]=bazquxval1%1$s --data %1$sbazqux[1]=bazquxval2%1$s --data %1$sobject[fooprop]=foopropval%1$s --data %1$sobject[barprop]=barpropval%1$s --data %1$stostring=tostringval%1$s',
+  --data-raw %1$sfoo=fooval%1$s --data-raw %1$sbar=barval%1$s --data-raw %1$sbaz=bazval%1$s --data-raw %1$sfoobar[baz]=bazval%1$s --data-raw %1$sfoobar[qux]=quxval%1$s --data-raw %1$sbazqux[0]=bazquxval1%1$s --data-raw %1$sbazqux[1]=bazquxval2%1$s --data-raw %1$sobject[fooprop]=foopropval%1$s --data-raw %1$sobject[barprop]=barpropval%1$s --data-raw %1$stostring=tostringval%1$s',
         ];
 
         // escapeshellarg on Windows replaces double quotes & percent signs with spaces
@@ -337,7 +337,7 @@ public function __toString(): string
   --header %1$sContent-Length: 120%1$s \\
   --header %1$sAccept-Encoding: gzip%1$s \\
   --header %1$sUser-Agent: Symfony HttpClient (Native)%1$s \\
-  --data %1$s{"foo":{"bar":"baz","qux":[1.1,1.0],"fred":["\u003Cfoo\u003E","\u0027bar\u0027","\u0022baz\u0022","\u0026blong\u0026"]}}%1$s',
+  --data-raw %1$s{"foo":{"bar":"baz","qux":[1.1,1.0],"fred":["\u003Cfoo\u003E","\u0027bar\u0027","\u0022baz\u0022","\u0026blong\u0026"]}}%1$s',
             ];
         }
     }
@@ -397,29 +397,7 @@ public function testItDoesNotGeneratesCurlCommandsForUnsupportedBodyType()
     /**
      * @requires extension openssl
      */
-    public function testItDoesNotGeneratesCurlCommandsForNotEncodableBody()
-    {
-        $sut = new HttpClientDataCollector();
-        $sut->registerClient('http_client', $this->httpClientThatHasTracedRequests([
-            [
-                'method' => 'POST',
-                'url' => 'http://localhost:8057/json',
-                'options' => [
-                    'body' => "\0",
-                ],
-            ],
-        ]));
-        $sut->lateCollect();
-        $collectedData = $sut->getClients();
-        self::assertCount(1, $collectedData['http_client']['traces']);
-        $curlCommand = $collectedData['http_client']['traces'][0]['curlCommand'];
-        self::assertNull($curlCommand);
-    }
-
-    /**
-     * @requires extension openssl
-     */
-    public function testItDoesNotGeneratesCurlCommandsForTooBigData()
+    public function testItDoesGenerateCurlCommandsForBigData()
     {
         $sut = new HttpClientDataCollector();
         $sut->registerClient('http_client', $this->httpClientThatHasTracedRequests([
@@ -435,7 +413,7 @@ public function testItDoesNotGeneratesCurlCommandsForTooBigData()
         $collectedData = $sut->getClients();
         self::assertCount(1, $collectedData['http_client']['traces']);
         $curlCommand = $collectedData['http_client']['traces'][0]['curlCommand'];
-        self::assertNull($curlCommand);
+        self::assertNotNull($curlCommand);
     }
 
     private function httpClientThatHasTracedRequests($tracedRequests): TraceableHttpClient
diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php
@@ -752,7 +752,9 @@ private function preBoot(): ContainerInterface
             $this->startTime = microtime(true);
         }
         if ($this->debug && !isset($_ENV['SHELL_VERBOSITY']) && !isset($_SERVER['SHELL_VERBOSITY'])) {
-            putenv('SHELL_VERBOSITY=3');
+            if (\function_exists('putenv')) {
+                putenv('SHELL_VERBOSITY=3');
+            }
             $_ENV['SHELL_VERBOSITY'] = 3;
             $_SERVER['SHELL_VERBOSITY'] = 3;
         }
diff --git a/src/Symfony/Component/PasswordHasher/Tests/Hasher/NativePasswordHasherTest.php b/src/Symfony/Component/PasswordHasher/Tests/Hasher/NativePasswordHasherTest.php
@@ -51,25 +51,25 @@ public function testValidation()
     {
         $hasher = new NativePasswordHasher();
         $result = $hasher->hash('password', null);
-        $this->assertTrue($hasher->verify($result, 'password', null));
-        $this->assertFalse($hasher->verify($result, 'anotherPassword', null));
-        $this->assertFalse($hasher->verify($result, '', null));
+        $this->assertTrue($hasher->verify($result, 'password'));
+        $this->assertFalse($hasher->verify($result, 'anotherPassword'));
+        $this->assertFalse($hasher->verify($result, ''));
     }
 
     public function testNonArgonValidation()
     {
         $hasher = new NativePasswordHasher();
-        $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
-        $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
-        $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
-        $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
+        $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password'));
+        $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword'));
+        $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password'));
+        $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword'));
     }
 
     public function testConfiguredAlgorithm()
     {
         $hasher = new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT);
-        $result = $hasher->hash('password', null);
-        $this->assertTrue($hasher->verify($result, 'password', null));
+        $result = $hasher->hash('password');
+        $this->assertTrue($hasher->verify($result, 'password'));
         $this->assertStringStartsWith('$2', $result);
     }
 
@@ -84,8 +84,8 @@ public function testDefaultAlgorithm()
     public function testConfiguredAlgorithmWithLegacyConstValue()
     {
         $hasher = new NativePasswordHasher(null, null, null, '1');
-        $result = $hasher->hash('password', null);
-        $this->assertTrue($hasher->verify($result, 'password', null));
+        $result = $hasher->hash('password');
+        $this->assertTrue($hasher->verify($result, 'password'));
         $this->assertStringStartsWith('$2', $result);
     }
 
@@ -94,17 +94,17 @@ public function testBcryptWithLongPassword()
         $hasher = new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT);
         $plainPassword = str_repeat('a', 100);
 
-        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
-        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword, 'salt'));
+        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
+        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword));
     }
 
     public function testBcryptWithNulByte()
     {
         $hasher = new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT);
         $plainPassword = "a\0b";
 
-        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
-        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword, 'salt'));
+        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
+        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword));
     }
 
     public function testNeedsRehash()
@@ -113,7 +113,7 @@ public function testNeedsRehash()
 
         $this->assertTrue($hasher->needsRehash('dummyhash'));
 
-        $hash = $hasher->hash('foo', 'salt');
+        $hash = $hasher->hash('foo');
         $this->assertFalse($hasher->needsRehash($hash));
 
         $hasher = new NativePasswordHasher(5, 11000, 5);
diff --git a/src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php b/src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php
@@ -109,7 +109,7 @@ public function testGetNamedHasherForHasherAware()
             'hasher_name' => new MessageDigestPasswordHasher('sha1'),
         ]);
 
-        $hasher = $factory->getPasswordHasher(new HasherAwareUser('user', 'pass'));
+        $hasher = $factory->getPasswordHasher(new HasherAwareUser());
         $expectedHasher = new MessageDigestPasswordHasher('sha1');
         $this->assertEquals($expectedHasher->hash('foo', ''), $hasher->hash('foo', ''));
     }
@@ -121,7 +121,7 @@ public function testGetNullNamedHasherForHasherAware()
             'hasher_name' => new MessageDigestPasswordHasher('sha256'),
         ]);
 
-        $user = new HasherAwareUser('mathilde', 'krogulec');
+        $user = new HasherAwareUser();
         $user->hasherName = null;
         $hasher = $factory->getPasswordHasher($user);
         $expectedHasher = new MessageDigestPasswordHasher('sha1');
@@ -136,7 +136,7 @@ public function testGetInvalidNamedHasherForHasherAware()
             'hasher_name' => new MessageDigestPasswordHasher('sha256'),
         ]);
 
-        $user = new HasherAwareUser('user', 'pass');
+        $user = new HasherAwareUser();
         $user->hasherName = 'invalid_hasher_name';
         $factory->getPasswordHasher($user);
     }
@@ -167,9 +167,9 @@ public function testMigrateFrom()
         $hasher = $factory->getPasswordHasher(SomeUser::class);
         $this->assertInstanceOf(MigratingPasswordHasher::class, $hasher);
 
-        $this->assertTrue($hasher->verify((new SodiumPasswordHasher())->hash('foo', null), 'foo', null));
-        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT))->hash('foo', null), 'foo', null));
-        $this->assertTrue($hasher->verify($digest->hash('foo', null), 'foo', null));
+        $this->assertTrue($hasher->verify((new SodiumPasswordHasher())->hash('foo'), 'foo', null));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT))->hash('foo'), 'foo', null));
+        $this->assertTrue($hasher->verify($digest->hash('foo'), 'foo', null));
         $this->assertStringStartsWith(\SODIUM_CRYPTO_PWHASH_STRPREFIX, $hasher->hash('foo', null));
     }
 
diff --git a/src/Symfony/Component/PasswordHasher/Tests/Hasher/SodiumPasswordHasherTest.php b/src/Symfony/Component/PasswordHasher/Tests/Hasher/SodiumPasswordHasherTest.php
@@ -28,65 +28,65 @@ protected function setUp(): void
     public function testValidation()
     {
         $hasher = new SodiumPasswordHasher();
-        $result = $hasher->hash('password', null);
-        $this->assertTrue($hasher->verify($result, 'password', null));
-        $this->assertFalse($hasher->verify($result, 'anotherPassword', null));
-        $this->assertFalse($hasher->verify($result, '', null));
+        $result = $hasher->hash('password');
+        $this->assertTrue($hasher->verify($result, 'password'));
+        $this->assertFalse($hasher->verify($result, 'anotherPassword'));
+        $this->assertFalse($hasher->verify($result, ''));
     }
 
     public function testBcryptValidation()
     {
         $hasher = new SodiumPasswordHasher();
-        $this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
+        $this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc'));
     }
 
     public function testNonArgonValidation()
     {
         $hasher = new SodiumPasswordHasher();
-        $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
-        $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
-        $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
-        $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
+        $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password'));
+        $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword'));
+        $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password'));
+        $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword'));
     }
 
     public function testHashLength()
     {
         $this->expectException(InvalidPasswordException::class);
         $hasher = new SodiumPasswordHasher();
-        $hasher->hash(str_repeat('a', 4097), 'salt');
+        $hasher->hash(str_repeat('a', 4097));
     }
 
     public function testCheckPasswordLength()
     {
         $hasher = new SodiumPasswordHasher();
-        $result = $hasher->hash(str_repeat('a', 4096), null);
-        $this->assertFalse($hasher->verify($result, str_repeat('a', 4097), null));
-        $this->assertTrue($hasher->verify($result, str_repeat('a', 4096), null));
+        $result = $hasher->hash(str_repeat('a', 4096));
+        $this->assertFalse($hasher->verify($result, str_repeat('a', 4097)));
+        $this->assertTrue($hasher->verify($result, str_repeat('a', 4096)));
     }
 
     public function testBcryptWithLongPassword()
     {
-        $hasher = new SodiumPasswordHasher(null, null, 4);
+        $hasher = new SodiumPasswordHasher(null, null);
         $plainPassword = str_repeat('a', 100);
 
-        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
-        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword, 'salt'));
+        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));
     }
 
     public function testBcryptWithNulByte()
     {
-        $hasher = new SodiumPasswordHasher(null, null, 4);
+        $hasher = new SodiumPasswordHasher(null, null);
         $plainPassword = "a\0b";
 
-        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
-        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword, 'salt'));
+        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));
     }
 
     public function testUserProvidedSaltIsNotUsed()
     {
         $hasher = new SodiumPasswordHasher();
-        $result = $hasher->hash('password', 'salt');
-        $this->assertTrue($hasher->verify($result, 'password', 'anotherSalt'));
+        $result = $hasher->hash('password');
+        $this->assertTrue($hasher->verify($result, 'password'));
     }
 
     public function testNeedsRehash()
@@ -95,7 +95,7 @@ public function testNeedsRehash()
 
         $this->assertTrue($hasher->needsRehash('dummyhash'));
 
-        $hash = $hasher->hash('foo', 'salt');
+        $hash = $hasher->hash('foo');
         $this->assertFalse($hasher->needsRehash($hash));
 
         $hasher = new SodiumPasswordHasher(5, 11000);
diff --git a/src/Symfony/Component/Yaml/Inline.php b/src/Symfony/Component/Yaml/Inline.php
@@ -527,7 +527,7 @@ private static function parseMapping(string $mapping, int $flags, int &$i = 0, a
                         if ('<<' === $key) {
                             $output += $value;
                         } elseif ($allowOverwrite || !isset($output[$key])) {
-                            if (!$isValueQuoted && \is_string($value) && '' !== $value && '&' === $value[0] && Parser::preg_match(Parser::REFERENCE_PATTERN, $value, $matches)) {
+                            if (!$isValueQuoted && \is_string($value) && '' !== $value && '&' === $value[0] && !self::isBinaryString($value) && Parser::preg_match(Parser::REFERENCE_PATTERN, $value, $matches)) {
                                 $references[$matches['ref']] = $matches['value'];
                                 $value = $matches['value'];
                             }
diff --git a/src/Symfony/Component/Yaml/Parser.php b/src/Symfony/Component/Yaml/Parser.php
diff --git a/src/Symfony/Component/Yaml/Tests/InlineTest.php b/src/Symfony/Component/Yaml/Tests/InlineTest.php
diff --git a/src/Symfony/Component/Yaml/Tests/ParserTest.php b/src/Symfony/Component/Yaml/Tests/ParserTest.php

Original file line number	Diff line number	Diff line change
`@@ -31,8 +31,6 @@ public function testTranslationFileIsValid($filePath)`
`31`	`31`
`32`	`32`	`/**`
`33`	`33`	`* @dataProvider provideTranslationFiles`
`34`		`- *`
`35`		`- * @group Legacy`
`36`	`34`	`*/`
`37`	`35`	`public function testTranslationFileIsValidWithoutEntityLoader($filePath)`
`38`	`36`	`{`
Original file line number	Diff line number	Diff line change
`@@ -752,7 +752,9 @@ private function preBoot(): ContainerInterface`
`752`	`752`	`$this->startTime = microtime(true);`
`753`	`753`	`}`
`754`	`754`	`if ($this->debug && !isset($_ENV['SHELL_VERBOSITY']) && !isset($_SERVER['SHELL_VERBOSITY'])) {`
`755`		`- putenv('SHELL_VERBOSITY=3');`
	`755`	`+ if (\function_exists('putenv')) {`
	`756`	`+ putenv('SHELL_VERBOSITY=3');`
	`757`	`+ }`
`756`	`758`	`$_ENV['SHELL_VERBOSITY'] = 3;`
`757`	`759`	`$_SERVER['SHELL_VERBOSITY'] = 3;`
`758`	`760`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28,65 +28,65 @@ protected function setUp(): void`
`28`	`28`	`public function testValidation()`
`29`	`29`	`{`
`30`	`30`	`$hasher = new SodiumPasswordHasher();`
`31`		`- $result = $hasher->hash('password', null);`
`32`		`- $this->assertTrue($hasher->verify($result, 'password', null));`
`33`		`- $this->assertFalse($hasher->verify($result, 'anotherPassword', null));`
`34`		`- $this->assertFalse($hasher->verify($result, '', null));`
	`31`	`+ $result = $hasher->hash('password');`
	`32`	`+ $this->assertTrue($hasher->verify($result, 'password'));`
	`33`	`+ $this->assertFalse($hasher->verify($result, 'anotherPassword'));`
	`34`	`+ $this->assertFalse($hasher->verify($result, ''));`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`public function testBcryptValidation()`
`38`	`38`	`{`
`39`	`39`	`$hasher = new SodiumPasswordHasher();`
`40`		`- $this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));`
	`40`	`+ $this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc'));`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`public function testNonArgonValidation()`
`44`	`44`	`{`
`45`	`45`	`$hasher = new SodiumPasswordHasher();`
`46`		`- $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));`
`47`		`- $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));`
`48`		`- $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));`
`49`		`- $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));`
	`46`	`+ $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password'));`
	`47`	`+ $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword'));`
	`48`	`+ $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password'));`
	`49`	`+ $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword'));`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`public function testHashLength()`
`53`	`53`	`{`
`54`	`54`	`$this->expectException(InvalidPasswordException::class);`
`55`	`55`	`$hasher = new SodiumPasswordHasher();`
`56`		`- $hasher->hash(str_repeat('a', 4097), 'salt');`
	`56`	`+ $hasher->hash(str_repeat('a', 4097));`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`public function testCheckPasswordLength()`
`60`	`60`	`{`
`61`	`61`	`$hasher = new SodiumPasswordHasher();`
`62`		`- $result = $hasher->hash(str_repeat('a', 4096), null);`
`63`		`- $this->assertFalse($hasher->verify($result, str_repeat('a', 4097), null));`
`64`		`- $this->assertTrue($hasher->verify($result, str_repeat('a', 4096), null));`
	`62`	`+ $result = $hasher->hash(str_repeat('a', 4096));`
	`63`	`+ $this->assertFalse($hasher->verify($result, str_repeat('a', 4097)));`
	`64`	`+ $this->assertTrue($hasher->verify($result, str_repeat('a', 4096)));`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`public function testBcryptWithLongPassword()`
`68`	`68`	`{`
`69`		`- $hasher = new SodiumPasswordHasher(null, null, 4);`
	`69`	`+ $hasher = new SodiumPasswordHasher(null, null);`
`70`	`70`	`$plainPassword = str_repeat('a', 100);`
`71`	`71`
`72`		`- $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));`
`73`		`- $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword, 'salt'));`
	`72`	`+ $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));`
	`73`	`+ $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`public function testBcryptWithNulByte()`
`77`	`77`	`{`
`78`		`- $hasher = new SodiumPasswordHasher(null, null, 4);`
	`78`	`+ $hasher = new SodiumPasswordHasher(null, null);`
`79`	`79`	`$plainPassword = "a\0b";`
`80`	`80`
`81`		`- $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));`
`82`		`- $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword, 'salt'));`
	`81`	`+ $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));`
	`82`	`+ $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`public function testUserProvidedSaltIsNotUsed()`
`86`	`86`	`{`
`87`	`87`	`$hasher = new SodiumPasswordHasher();`
`88`		`- $result = $hasher->hash('password', 'salt');`
`89`		`- $this->assertTrue($hasher->verify($result, 'password', 'anotherSalt'));`
	`88`	`+ $result = $hasher->hash('password');`
	`89`	`+ $this->assertTrue($hasher->verify($result, 'password'));`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`public function testNeedsRehash()`
`@@ -95,7 +95,7 @@ public function testNeedsRehash()`
`95`	`95`
`96`	`96`	`$this->assertTrue($hasher->needsRehash('dummyhash'));`
`97`	`97`
`98`		`- $hash = $hasher->hash('foo', 'salt');`
	`98`	`+ $hash = $hasher->hash('foo');`
`99`	`99`	`$this->assertFalse($hasher->needsRehash($hash));`
`100`	`100`
`101`	`101`	`$hasher = new SodiumPasswordHasher(5, 11000);`
Original file line number	Diff line number	Diff line change
`@@ -527,7 +527,7 @@ private static function parseMapping(string $mapping, int $flags, int &$i = 0, a`
`527`	`527`	`if ('<<' === $key) {`
`528`	`528`	`$output += $value;`
`529`	`529`	`} elseif ($allowOverwrite \|\| !isset($output[$key])) {`
`530`		`- if (!$isValueQuoted && \is_string($value) && '' !== $value && '&' === $value[0] && Parser::preg_match(Parser::REFERENCE_PATTERN, $value, $matches)) {`
	`530`	`+ if (!$isValueQuoted && \is_string($value) && '' !== $value && '&' === $value[0] && !self::isBinaryString($value) && Parser::preg_match(Parser::REFERENCE_PATTERN, $value, $matches)) {`
`531`	`531`	`$references[$matches['ref']] = $matches['value'];`
`532`	`532`	`$value = $matches['value'];`
`533`	`533`	`}`