[HttpFoundation] deprecated finding deep items in Request and ParameterBag

xabbuh · xabbuh · commit 73c783a216e3 · 2015-04-03T22:42:15.000+02:00
diff --git a/src/Symfony/Component/HttpFoundation/ParameterBag.php b/src/Symfony/Component/HttpFoundation/ParameterBag.php
@@ -99,9 +99,15 @@ public function add(array $parameters = array())
      * @throws \InvalidArgumentException
      *
      * @api
+     *
+     * @deprecated Finding deep items is deprecated since version 2.7, to be removed in 3.0.
      */
     public function get($path, $default = null, $deep = false)
     {
+        if (true === $deep) {
+            trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.7 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);
+        }
+
         if (!$deep || false === $pos = strpos($path, '[')) {
             return array_key_exists($path, $this->parameters) ? $this->parameters[$path] : $default;
         }
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -743,9 +743,15 @@ public static function getHttpMethodParameterOverride()
      * @param bool   $deep    is parameter deep in multidimensional array
      *
      * @return mixed
+     *
+     * @deprecated Finding deep items is deprecated since version 2.7, to be removed in 3.0.
      */
     public function get($key, $default = null, $deep = false)
     {
+        if (true === $deep) {
+            trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.7 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);
+        }
+
         if ($this !== $result = $this->query->get($key, $this, $deep)) {
             return $result;
         }
diff --git a/src/Symfony/Component/HttpFoundation/Tests/ParameterBagTest.php b/src/Symfony/Component/HttpFoundation/Tests/ParameterBagTest.php
@@ -86,11 +86,14 @@ public function testGetDoesNotUseDeepByDefault()
     }
 
     /**
+     * @group legacy
      * @dataProvider getInvalidPaths
      * @expectedException \InvalidArgumentException
      */
-    public function testGetDeepWithInvalidPaths($path)
+    public function testLegacyGetDeepWithInvalidPaths($path)
     {
+        $this->iniSet('error_reporting', -1 & ~E_USER_DEPRECATED);
+
         $bag = new ParameterBag(array('foo' => array('bar' => 'moo')));
 
         $bag->get($path, null, true);
@@ -106,8 +109,13 @@ public function getInvalidPaths()
         );
     }
 
-    public function testGetDeep()
+    /**
+     * @group legacy
+     */
+    public function testLegacyGetDeep()
     {
+        $this->iniSet('error_reporting', -1 & ~E_USER_DEPRECATED);
+
         $bag = new ParameterBag(array('foo' => array('bar' => array('moo' => 'boo'))));
 
         $this->assertEquals(array('moo' => 'boo'), $bag->get('foo[bar]', null, true));
diff --git a/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php b/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
@@ -17,6 +17,7 @@
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Http\HttpUtils;
+use Symfony\Component\Security\Http\Util\RequestUtils;
 
 /**
  * Class with the default authentication failure handling logic.
@@ -82,7 +83,7 @@ public function setOptions(array $options)
      */
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
     {
-        if ($failureUrl = $request->get($this->options['failure_path_parameter'], null, true)) {
+        if ($failureUrl = RequestUtils::getDeepParameter($request, $this->options['failure_path_parameter'])) {
             $this->options['failure_path'] = $failureUrl;
         }
 
diff --git a/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php b/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Http\HttpUtils;
+use Symfony\Component\Security\Http\Util\RequestUtils;
 
 /**
  * Class with the default authentication success handling logic.
@@ -108,7 +109,7 @@ protected function determineTargetUrl(Request $request)
             return $this->options['default_target_path'];
         }
 
-        if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) {
+        if ($targetUrl = RequestUtils::getDeepParameter($request, $this->options['target_path_parameter'])) {
             return $targetUrl;
         }
 
diff --git a/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php b/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
@@ -24,6 +24,7 @@
 use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
 use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
+use Symfony\Component\Security\Http\Util\RequestUtils;
 
 /**
  * LogoutListener logout users.
@@ -98,7 +99,7 @@ public function handle(GetResponseEvent $event)
         }
 
         if (null !== $this->csrfTokenManager) {
-            $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
+            $csrfToken = RequestUtils::getDeepParameter($request, $this->options['csrf_parameter']);
 
             if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
                 throw new LogoutException('Invalid CSRF token.');
diff --git a/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
@@ -28,6 +28,7 @@
 use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\Security\Http\Util\RequestUtils;
 
 /**
  * @author Jordi Boggiano <j.boggiano@seld.be>
@@ -101,19 +102,19 @@ protected function requiresAuthentication(Request $request)
     protected function attemptAuthentication(Request $request)
     {
         if (null !== $this->csrfTokenManager) {
-            $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
+            $csrfToken = RequestUtils::getDeepParameter($request, $this->options['csrf_parameter']);
 
             if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
             }
         }
 
         if ($this->options['post_only']) {
-            $username = trim($request->request->get($this->options['username_parameter'], null, true));
-            $password = $request->request->get($this->options['password_parameter'], null, true);
+            $username = trim(RequestUtils::getDeepPostParameter($request, $this->options['username_parameter']));
+            $password = RequestUtils::getDeepPostParameter($request, $this->options['password_parameter']);
         } else {
-            $username = trim($request->get($this->options['username_parameter'], null, true));
-            $password = $request->get($this->options['password_parameter'], null, true);
+            $username = trim(RequestUtils::getDeepParameter($request, $this->options['username_parameter']));
+            $password = RequestUtils::getDeepParameter($request, $this->options['password_parameter']);
         }
 
         $request->getSession()->set(Security::LAST_USERNAME, $username);
diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -28,6 +28,7 @@
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Security\Http\Util\RequestUtils;
 
 /**
  * UsernamePasswordFormAuthenticationListener is the default implementation of
@@ -76,19 +77,19 @@ protected function requiresAuthentication(Request $request)
     protected function attemptAuthentication(Request $request)
     {
         if (null !== $this->csrfTokenManager) {
-            $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
+            $csrfToken = RequestUtils::getDeepParameter($request, $this->options['csrf_parameter']);
 
             if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
             }
         }
 
         if ($this->options['post_only']) {
-            $username = trim($request->request->get($this->options['username_parameter'], null, true));
-            $password = $request->request->get($this->options['password_parameter'], null, true);
+            $username = trim(RequestUtils::getDeepPostParameter($request, $this->options['username_parameter']));
+            $password = RequestUtils::getDeepPostParameter($request, $this->options['password_parameter']);
         } else {
-            $username = trim($request->get($this->options['username_parameter'], null, true));
-            $password = $request->get($this->options['password_parameter'], null, true);
+            $username = trim(RequestUtils::getDeepParameter($request, $this->options['username_parameter']));
+            $password =  RequestUtils::getDeepParameter($request, $this->options['password_parameter']);
         }
 
         $request->getSession()->set(Security::LAST_USERNAME, $username);
diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
@@ -23,6 +23,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Cookie;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\Security\Http\Util\RequestUtils;
 
 /**
  * Base class implementing the RememberMeServicesInterface.
@@ -301,7 +302,7 @@ protected function isRememberMeRequested(Request $request)
             return true;
         }
 
-        $parameter = $request->get($this->options['remember_me_parameter'], null, true);
+        $parameter = RequestUtils::getDeepParameter($request, $this->options['remember_me_parameter']);
 
         if (null === $parameter && null !== $this->logger) {
             $this->logger->debug('Did not send remember-me cookie.', array('parameter' => $this->options['remember_me_parameter']));
diff --git a/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php
@@ -145,7 +145,7 @@ public function testFailurePathCanBeOverwritten()
     public function testFailurePathCanBeOverwrittenWithRequest()
     {
         $this->request->expects($this->once())
-            ->method('get')->with('_failure_path', null, true)
+            ->method('get')->with('_failure_path', null, false)
             ->will($this->returnValue('/auth/login'));
 
         $this->httpUtils->expects($this->once())
@@ -160,7 +160,7 @@ public function testFailurePathParameterCanBeOverwritten()
         $options = array('failure_path_parameter' => '_my_failure_path');
 
         $this->request->expects($this->once())
-            ->method('get')->with('_my_failure_path', null, true)
+            ->method('get')->with('_my_failure_path', null, false)
             ->will($this->returnValue('/auth/login'));
 
         $this->httpUtils->expects($this->once())
diff --git a/src/Symfony/Component/Security/Http/Util/RequestUtils.php b/src/Symfony/Component/Security/Http/Util/RequestUtils.php
@@ -0,0 +1,113 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Util;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * @internal
+ */
+final class RequestUtils
+{
+    /**
+     * Returns a request "parameter" value.
+     *
+     * Paths like foo[bar] will be evaluated to find deeper items in nested data structures.
+     *
+     * @param Request $request The request
+     * @param string  $path    The key
+     *
+     * @return mixed
+     *
+     * @throws \InvalidArgumentException when the path is malformed
+     */
+    public static function getDeepParameter(Request $request, $path)
+    {
+        if (false === $pos = strpos($path, '[')) {
+            return $request->get($path, null);
+        }
+
+        $root = substr($path, 0, $pos);
+
+        if (null === $value = $request->get($root)) {
+            return;
+        }
+
+        return self::parseParameterPath($path, $pos, $value);
+    }
+
+    /**
+     * Returns a POST "parameter" value.
+     *
+     * Paths like foo[bar] will be evaluated to find deeper items in nested data structures.
+     *
+     * @param Request $request The request
+     * @param string  $path    The key
+     *
+     * @return mixed
+     *
+     * @throws \InvalidArgumentException when the path is malformed
+     */
+    public static function getDeepPostParameter(Request $request, $path)
+    {
+        if (false === $pos = strpos($path, '[')) {
+            return $request->request->get($path, null);
+        }
+
+        $root = substr($path, 0, $pos);
+
+        if (null === $value = $request->request->get($root)) {
+            return;
+        }
+
+        return self::parseParameterPath($path, $pos, $value);
+    }
+
+    private static function parseParameterPath($path, $pos, $value)
+    {
+        $currentKey = null;
+        for ($i = $pos, $c = strlen($path); $i < $c; $i++) {
+            $char = $path[$i];
+
+            if ('[' === $char) {
+                if (null !== $currentKey) {
+                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "[" at position %d.', $i));
+                }
+
+                $currentKey = '';
+            } elseif (']' === $char) {
+                if (null === $currentKey) {
+                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "]" at position %d.', $i));
+                }
+
+                if (!is_array($value) || !array_key_exists($currentKey, $value)) {
+                    return;
+                }
+
+                $value = $value[$currentKey];
+                $currentKey = null;
+            } else {
+                if (null === $currentKey) {
+                    throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected "%s" at position %d.', $char, $i));
+                }
+
+                $currentKey .= $char;
+            }
+        }
+
+        if (null !== $currentKey) {
+            throw new \InvalidArgumentException(sprintf('Malformed path. Path must end with "]".'));
+        }
+
+        return $value;
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -99,9 +99,15 @@ public function add(array $parameters = array())`
`99`	`99`	`* @throws \InvalidArgumentException`
`100`	`100`	`*`
`101`	`101`	`* @api`
	`102`	`+ *`
	`103`	`+ * @deprecated Finding deep items is deprecated since version 2.7, to be removed in 3.0.`
`102`	`104`	`*/`
`103`	`105`	`public function get($path, $default = null, $deep = false)`
`104`	`106`	`{`
	`107`	`+ if (true === $deep) {`
	`108`	`+ trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.7 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);`
	`109`	`+ }`
	`110`	`+`
`105`	`111`	`if (!$deep \|\| false === $pos = strpos($path, '[')) {`
`106`	`112`	`return array_key_exists($path, $this->parameters) ? $this->parameters[$path] : $default;`
`107`	`113`	`}`
Original file line number	Diff line number	Diff line change
`@@ -743,9 +743,15 @@ public static function getHttpMethodParameterOverride()`
`743`	`743`	`* @param bool $deep is parameter deep in multidimensional array`
`744`	`744`	`*`
`745`	`745`	`* @return mixed`
	`746`	`+ *`
	`747`	`+ * @deprecated Finding deep items is deprecated since version 2.7, to be removed in 3.0.`
`746`	`748`	`*/`
`747`	`749`	`public function get($key, $default = null, $deep = false)`
`748`	`750`	`{`
	`751`	`+ if (true === $deep) {`
	`752`	`+ trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.7 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED);`
	`753`	`+ }`
	`754`	`+`
`749`	`755`	`if ($this !== $result = $this->query->get($key, $this, $deep)) {`
`750`	`756`	`return $result;`
`751`	`757`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`use Symfony\Component\Security\Core\Exception\AuthenticationException;`
`18`	`18`	`use Symfony\Component\Security\Core\Security;`
`19`	`19`	`use Symfony\Component\Security\Http\HttpUtils;`
	`20`	`+use Symfony\Component\Security\Http\Util\RequestUtils;`
`20`	`21`
`21`	`22`	`/**`
`22`	`23`	`* Class with the default authentication failure handling logic.`
`@@ -82,7 +83,7 @@ public function setOptions(array $options)`
`82`	`83`	`*/`
`83`	`84`	`public function onAuthenticationFailure(Request $request, AuthenticationException $exception)`
`84`	`85`	`{`
`85`		`- if ($failureUrl = $request->get($this->options['failure_path_parameter'], null, true)) {`
	`86`	`+ if ($failureUrl = RequestUtils::getDeepParameter($request, $this->options['failure_path_parameter'])) {`
`86`	`87`	`$this->options['failure_path'] = $failureUrl;`
`87`	`88`	`}`
`88`	`89`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@`
`14`	`14`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`15`	`15`	`use Symfony\Component\HttpFoundation\Request;`
`16`	`16`	`use Symfony\Component\Security\Http\HttpUtils;`
	`17`	`+use Symfony\Component\Security\Http\Util\RequestUtils;`
`17`	`18`
`18`	`19`	`/**`
`19`	`20`	`* Class with the default authentication success handling logic.`
`@@ -108,7 +109,7 @@ protected function determineTargetUrl(Request $request)`
`108`	`109`	`return $this->options['default_target_path'];`
`109`	`110`	`}`
`110`	`111`
`111`		`- if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) {`
	`112`	`+ if ($targetUrl = RequestUtils::getDeepParameter($request, $this->options['target_path_parameter'])) {`
`112`	`113`	`return $targetUrl;`
`113`	`114`	`}`
`114`	`115`