Skip to content

[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass #34788

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 6, 2019
Merged

[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass #34788

merged 1 commit into from
Dec 6, 2019

Conversation

fancyweb
Copy link
Contributor

@fancyweb fancyweb commented Dec 3, 2019
edited
Loading

Q A
Branch? 3.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets #34774
License MIT
Doc PR -

%s should be escaped, so it is dumped as %%s (it ends up being properly unescaped at load time, so the passed value to the service is the same).

@fancyweb fancyweb force-pushed the security-bundle-properly-escape branch from e49e523 to de03cee Compare December 3, 2019 18:27
@fancyweb fancyweb changed the title [SecurityBundle] Property escape regex in AddSessionDomainConstraintPass [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass Dec 3, 2019
@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Dec 4, 2019
@chalasr
Copy link
Member

chalasr commented Dec 6, 2019

Thank you @fancyweb.

chalasr added a commit that referenced this pull request Dec 6, 2019
@chalasr
bug #34788 [SecurityBundle] Properly escape regex in AddSessionDomain…
ae6c5d3 
…ConstraintPass (fancyweb)

This PR was merged into the 3.4 branch.

Discussion
----------

[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | #34774
| License       | MIT
| Doc PR        | -

`%s` should be escaped, so it is dumped as `%%s` (it ends up being properly unescaped at load time, so the passed value to the service is the same).

Commits
-------

de03cee [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
@chalasr chalasr merged commit de03cee into symfony:3.4 Dec 6, 2019
@fancyweb fancyweb deleted the security-bundle-properly-escape branch December 6, 2019 21:08
This was referenced Dec 19, 2019
Merged
Merged
This was referenced Jan 21, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@bykclk bykclk bykclk approved these changes

Assignees
No one assigned
Labels
Bug SecurityBundle Status: Reviewed
Projects
None yet
Milestone
3.4
Development

Successfully merging this pull request may close these issues.
5 participants
@fancyweb @chalasr @nicolas-grekas @bykclk @carsonbot