Merge branch '4.4' into 5.2

nicolas-grekas · nicolas-grekas · commit d79f384ce478 · 2021-07-21T14:38:00.000+02:00
* 4.4:
  Leverage str_contains/str_starts_with
  Leverage str_ends_with
diff --git a/Authorization/Voter/RoleVoter.php b/Authorization/Voter/RoleVoter.php
@@ -36,7 +36,7 @@ public function vote(TokenInterface $token, $subject, array $attributes)
         $roles = $this->extractRoles($token);
 
         foreach ($attributes as $attribute) {
-            if (!\is_string($attribute) || 0 !== strpos($attribute, $this->prefix)) {
+            if (!\is_string($attribute) || !str_starts_with($attribute, $this->prefix)) {
                 continue;
             }
 
diff --git a/Encoder/MessageDigestPasswordEncoder.php b/Encoder/MessageDigestPasswordEncoder.php
@@ -73,7 +73,7 @@ public function encodePassword(string $raw, ?string $salt)
      */
     public function isPasswordValid(string $encoded, string $raw, ?string $salt)
     {
-        if (\strlen($encoded) !== $this->encodedLength || false !== strpos($encoded, '$')) {
+        if (\strlen($encoded) !== $this->encodedLength || str_contains($encoded, '$')) {
             return false;
         }
 
diff --git a/Encoder/NativePasswordEncoder.php b/Encoder/NativePasswordEncoder.php
@@ -97,9 +97,9 @@ public function isPasswordValid(string $encoded, string $raw, ?string $salt): bo
             return false;
         }
 
-        if (0 !== strpos($encoded, '$argon')) {
+        if (!str_starts_with($encoded, '$argon')) {
             // BCrypt encodes only the first 72 chars
-            return (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);
+            return (72 >= \strlen($raw) || !str_starts_with($encoded, '$2')) && password_verify($raw, $encoded);
         }
 
         if (\extension_loaded('sodium') && version_compare(\SODIUM_LIBRARY_VERSION, '1.0.14', '>=')) {
diff --git a/Encoder/Pbkdf2PasswordEncoder.php b/Encoder/Pbkdf2PasswordEncoder.php
@@ -80,7 +80,7 @@ public function encodePassword(string $raw, ?string $salt)
      */
     public function isPasswordValid(string $encoded, string $raw, ?string $salt)
     {
-        if (\strlen($encoded) !== $this->encodedLength || false !== strpos($encoded, '$')) {
+        if (\strlen($encoded) !== $this->encodedLength || str_contains($encoded, '$')) {
             return false;
         }
 
diff --git a/Encoder/SodiumPasswordEncoder.php b/Encoder/SodiumPasswordEncoder.php
@@ -84,9 +84,9 @@ public function isPasswordValid(string $encoded, string $raw, ?string $salt): bo
             return false;
         }
 
-        if (0 !== strpos($encoded, '$argon')) {
+        if (!str_starts_with($encoded, '$argon')) {
             // Accept validating non-argon passwords for seamless migrations
-            return (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);
+            return (72 >= \strlen($raw) || !str_starts_with($encoded, '$2')) && password_verify($raw, $encoded);
         }
 
         if (\function_exists('sodium_crypto_pwhash_str_verify')) {
diff --git a/composer.json b/composer.json
@@ -18,7 +18,7 @@
     "require": {
         "php": ">=7.2.5",
         "symfony/event-dispatcher-contracts": "^1.1|^2",
-        "symfony/polyfill-php80": "^1.15",
+        "symfony/polyfill-php80": "^1.16",
         "symfony/service-contracts": "^1.1.6|^2",
         "symfony/deprecation-contracts": "^2.1"
     },

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ public function vote(TokenInterface $token, $subject, array $attributes)`
`36`	`36`	`$roles = $this->extractRoles($token);`
`37`	`37`
`38`	`38`	`foreach ($attributes as $attribute) {`
`39`		`- if (!\is_string($attribute) \|\| 0 !== strpos($attribute, $this->prefix)) {`
	`39`	`+ if (!\is_string($attribute) \|\| !str_starts_with($attribute, $this->prefix)) {`
`40`	`40`	`continue;`
`41`	`41`	`}`
`42`	`42`
Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ public function encodePassword(string $raw, ?string $salt)`
`73`	`73`	`*/`
`74`	`74`	`public function isPasswordValid(string $encoded, string $raw, ?string $salt)`
`75`	`75`	`{`
`76`		`- if (\strlen($encoded) !== $this->encodedLength \|\| false !== strpos($encoded, '$')) {`
	`76`	`+ if (\strlen($encoded) !== $this->encodedLength \|\| str_contains($encoded, '$')) {`
`77`	`77`	`return false;`
`78`	`78`	`}`
`79`	`79`
Original file line number	Diff line number	Diff line change
`@@ -97,9 +97,9 @@ public function isPasswordValid(string $encoded, string $raw, ?string $salt): bo`
`97`	`97`	`return false;`
`98`	`98`	`}`
`99`	`99`
`100`		`- if (0 !== strpos($encoded, '$argon')) {`
	`100`	`+ if (!str_starts_with($encoded, '$argon')) {`
`101`	`101`	`// BCrypt encodes only the first 72 chars`
`102`		`- return (72 >= \strlen($raw) \|\| 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);`
	`102`	`+ return (72 >= \strlen($raw) \|\| !str_starts_with($encoded, '$2')) && password_verify($raw, $encoded);`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`if (\extension_loaded('sodium') && version_compare(\SODIUM_LIBRARY_VERSION, '1.0.14', '>=')) {`
Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ public function encodePassword(string $raw, ?string $salt)`
`80`	`80`	`*/`
`81`	`81`	`public function isPasswordValid(string $encoded, string $raw, ?string $salt)`
`82`	`82`	`{`
`83`		`- if (\strlen($encoded) !== $this->encodedLength \|\| false !== strpos($encoded, '$')) {`
	`83`	`+ if (\strlen($encoded) !== $this->encodedLength \|\| str_contains($encoded, '$')) {`
`84`	`84`	`return false;`
`85`	`85`	`}`
`86`	`86`
Original file line number	Diff line number	Diff line change
`@@ -84,9 +84,9 @@ public function isPasswordValid(string $encoded, string $raw, ?string $salt): bo`
`84`	`84`	`return false;`
`85`	`85`	`}`
`86`	`86`
`87`		`- if (0 !== strpos($encoded, '$argon')) {`
	`87`	`+ if (!str_starts_with($encoded, '$argon')) {`
`88`	`88`	`// Accept validating non-argon passwords for seamless migrations`
`89`		`- return (72 >= \strlen($raw) \|\| 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);`
	`89`	`+ return (72 >= \strlen($raw) \|\| !str_starts_with($encoded, '$2')) && password_verify($raw, $encoded);`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`if (\function_exists('sodium_crypto_pwhash_str_verify')) {`