bug symfony#28344 [HttpKernel][FrameworkBundle] Fix escaping of serialized payloads passed to test clients (nicolas-grekas)

fabpot · fabpot · commit cf359c2e79c8 · 2018-09-04T10:15:22.000+02:00
This PR was merged into the 2.8 branch. Discussion ---------- [HttpKernel][FrameworkBundle] Fix escaping of serialized payloads passed to test clients | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | symfony#28125 | License | MIT | Doc PR | - Commits ------- 2554554 [HttpKernel][FrameworkBundle] Fix escaping of serialized payloads passed to test clients
diff --git a/src/Symfony/Bundle/FrameworkBundle/Client.php b/src/Symfony/Bundle/FrameworkBundle/Client.php
@@ -161,19 +161,19 @@ protected function doRequestInProcess($request)
      */
     protected function getScript($request)
     {
-        $kernel = str_replace("'", "\\'", serialize($this->kernel));
-        $request = str_replace("'", "\\'", serialize($request));
+        $kernel = var_export(serialize($this->kernel), true);
+        $request = var_export(serialize($request), true);
 
         $r = new \ReflectionObject($this->kernel);
 
         $autoloader = \dirname($r->getFileName()).'/autoload.php';
         if (is_file($autoloader)) {
-            $autoloader = str_replace("'", "\\'", $autoloader);
+            $autoloader = var_export($autoloader, true);
         } else {
-            $autoloader = '';
+            $autoloader = 'false';
         }
 
-        $path = str_replace("'", "\\'", $r->getFileName());
+        $path = var_export($r->getFileName(), true);
 
         $profilerCode = '';
         if ($this->profiler) {
@@ -187,16 +187,16 @@ protected function getScript($request)
 
 error_reporting($errorReporting);
 
-if ('$autoloader') {
-    require_once '$autoloader';
+if ($autoloader) {
+    require_once $autoloader;
 }
-require_once '$path';
+require_once $path;
 
-\$kernel = unserialize('$kernel');
+\$kernel = unserialize($kernel);
 \$kernel->boot();
 $profilerCode
 
-\$request = unserialize('$request');
+\$request = unserialize($request);
 EOF;
 
         return $code.$this->getHandleScript();
diff --git a/src/Symfony/Component/HttpKernel/Client.php b/src/Symfony/Component/HttpKernel/Client.php
@@ -71,27 +71,27 @@ protected function doRequest($request)
      */
     protected function getScript($request)
     {
-        $kernel = str_replace("'", "\\'", serialize($this->kernel));
-        $request = str_replace("'", "\\'", serialize($request));
+        $kernel = var_export(serialize($this->kernel), true);
+        $request = var_export(serialize($request), true);
 
         $r = new \ReflectionClass('\\Symfony\\Component\\ClassLoader\\ClassLoader');
-        $requirePath = str_replace("'", "\\'", $r->getFileName());
-        $symfonyPath = str_replace("'", "\\'", \dirname(\dirname(\dirname(__DIR__))));
+        $requirePath = var_export($r->getFileName(), true);
+        $symfonyPath = var_export(\dirname(\dirname(\dirname(__DIR__))), true);
         $errorReporting = error_reporting();
 
         $code = <<<EOF
 <?php
 
 error_reporting($errorReporting);
 
-require_once '$requirePath';
+require_once $requirePath;
 
 \$loader = new Symfony\Component\ClassLoader\ClassLoader();
-\$loader->addPrefix('Symfony', '$symfonyPath');
+\$loader->addPrefix('Symfony', $symfonyPath);
 \$loader->register();
 
-\$kernel = unserialize('$kernel');
-\$request = unserialize('$request');
+\$kernel = unserialize($kernel);
+\$request = unserialize($request);
 EOF;
 
         return $code.$this->getHandleScript();
