[Security] AbstractVoter->supportsAttribute gives false positive if attribute is zero (0) #20734


martynas-foodpanda commented Dec 3, 2016

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

The issue is easy to reproduce with a test giving a negative data set.
0 should not pass as a supported attribute for any set of attributes, but it does, as `in_array` in the method does not use the 'strict' flag set to true.

As this is an abstract voter and is used by users with their code, the 'strict' flag should be set to true.
Since it is there in 2.7 and 2.8 (LTS), IMHO it should be fixed.
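
Added example (not part of the pull request or of Symfony's code): the loose and strict `in_array` checks described above, side by side, over constructed attribute values. `SUPPORTED`, both function names and the probe list are hypothetical; it needs PHP 7.0 or later, and the loose result for `0` depends on the PHP version because PHP 8.0 changed how `==` compares a number with a non-numeric string.

```php
<?php
// Added illustration, not Symfony's code: a stand-in for a voter's attribute check.
// SUPPORTED is a constructed list of attribute names.
const SUPPORTED = ['VIEW', 'EDIT'];

// Loose check, as the PR describes: in_array() without the strict flag compares with ==.
function supportsAttributeLoose($attribute): bool
{
    return in_array($attribute, SUPPORTED);
}

// Strict check: passing true as the third argument makes in_array() compare with ===.
function supportsAttributeStrict($attribute): bool
{
    return in_array($attribute, SUPPORTED, true);
}

// Constructed probe values: one listed attribute and several values that are not in the list.
$probes = ['VIEW', 'DELETE', 0, true, null];

// Under ==, 0 == 'VIEW' is true before PHP 8.0 (the string is cast to int 0)
// and false from PHP 8.0 on; true == 'VIEW' is true on every version.
printf("PHP %s\n%-10s %-6s %-6s\n", PHP_VERSION, 'attribute', 'loose', 'strict');
foreach ($probes as $probe) {
    printf(
        "%-10s %-6s %-6s\n",
        var_export($probe, true),
        var_export(supportsAttributeLoose($probe), true),
        var_export(supportsAttributeStrict($probe), true)
    );
}

// The strict variant must agree with exact, type-safe membership for every probe.
foreach ($probes as $probe) {
    $isMember = $probe === 'VIEW' || $probe === 'EDIT';
    if (supportsAttributeStrict($probe) !== $isMember) {
        throw new RuntimeException('strict check disagrees with exact membership');
    }
}
```

The `true` probe shows that the loose comparison still accepts a non-string attribute on PHP 8, so the strict flag matters beyond the `0` case reported here.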

martynas-foodpanda force-pushed the abstract_voter_accepts_zero_as_attribute branch 2 times, most recently from 6ab5fd0 to fca92e1, December 3, 2016 12:03
martynas-foodpanda force-pushed the abstract_voter_accepts_zero_as_attribute branch from fca92e1 to 8306530, December 3, 2016 14:43
nicolas-grekas added this to the 2.7 milestone Dec 6, 2016

fabpot (Member) commented Dec 13, 2016

👍

fabpot (Member) commented Dec 14, 2016

Thank you @martynas-foodpanda.

fabpot merged commit 8306530 into symfony:2.7 Dec 14, 2016
fabpot added a commit that referenced this pull request Dec 14, 2016
…sitive if attribute is zero (0) (martynas-foodpanda)

This PR was merged into the 2.7 branch.

Discussion
----------

[Security] AbstractVoter->supportsAttribute gives false positive if attribute is zero (0)

| Q             | A
| ------------- | ---
| Branch?       |  2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

The issue is easy to reproduce with a test giving a negative data set.
0 should not pass as a supported attribute for any set of attributes, but it does, as `in_array` in the method does not use the 'strict' flag set to true.

As this is an abstract voter and is used by users with their code, the 'strict' flag should be set to true.
Since it is there in 2.7 and 2.8 (LTS), IMHO it should be fixed.

Commits
-------

8306530 [Security] AbstractVoter method supportsAttribute gives false positive if attribute is zero (0)