Leverage str_contains/str_starts_with

derrabus · nicolas-grekas · commit e4149a2712f3 · 2021-07-21T14:19:41.000+02:00
Signed-off-by: Alexander M. Turek &lt;me@derrabus.de&gt;
diff --git a/Core/Authorization/Voter/RoleVoter.php b/Core/Authorization/Voter/RoleVoter.php
@@ -41,7 +41,7 @@ public function vote(TokenInterface $token, $subject, array $attributes)
                 $attribute = $attribute->getRole();
             }
 
-            if (!\is_string($attribute) || 0 !== strpos($attribute, $this->prefix)) {
+            if (!\is_string($attribute) || !str_starts_with($attribute, $this->prefix)) {
                 continue;
             }
 
diff --git a/Core/Encoder/Argon2iPasswordEncoder.php b/Core/Encoder/Argon2iPasswordEncoder.php
@@ -83,7 +83,7 @@ public function isPasswordValid($encoded, $raw, $salt)
     {
         // If $encoded was created via "sodium_crypto_pwhash_str()", the hashing algorithm may be "argon2id" instead of "argon2i".
         // In this case, "password_verify()" cannot be used.
-        if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I') && (false === strpos($encoded, '$argon2id$'))) {
+        if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I') && (!str_contains($encoded, '$argon2id$'))) {
             return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);
         }
         if (\function_exists('sodium_crypto_pwhash_str_verify')) {
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -73,7 +73,7 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        if (\strlen($encoded) !== $this->encodedLength || false !== strpos($encoded, '$')) {
+        if (\strlen($encoded) !== $this->encodedLength || str_contains($encoded, '$')) {
             return false;
         }
 
diff --git a/Core/Encoder/NativePasswordEncoder.php b/Core/Encoder/NativePasswordEncoder.php
@@ -97,9 +97,9 @@ public function isPasswordValid($encoded, $raw, $salt): bool
             return false;
         }
 
-        if (0 !== strpos($encoded, '$argon')) {
+        if (!str_starts_with($encoded, '$argon')) {
             // BCrypt encodes only the first 72 chars
-            return (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);
+            return (72 >= \strlen($raw) || !str_starts_with($encoded, '$2')) && password_verify($raw, $encoded);
         }
 
         if (\extension_loaded('sodium') && version_compare(\SODIUM_LIBRARY_VERSION, '1.0.14', '>=')) {
diff --git a/Core/Encoder/Pbkdf2PasswordEncoder.php b/Core/Encoder/Pbkdf2PasswordEncoder.php
@@ -80,7 +80,7 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        if (\strlen($encoded) !== $this->encodedLength || false !== strpos($encoded, '$')) {
+        if (\strlen($encoded) !== $this->encodedLength || str_contains($encoded, '$')) {
             return false;
         }
 
diff --git a/Core/Encoder/SodiumPasswordEncoder.php b/Core/Encoder/SodiumPasswordEncoder.php
@@ -84,9 +84,9 @@ public function isPasswordValid($encoded, $raw, $salt): bool
             return false;
         }
 
-        if (0 !== strpos($encoded, '$argon')) {
+        if (!str_starts_with($encoded, '$argon')) {
             // Accept validating non-argon passwords for seamless migrations
-            return (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);
+            return (72 >= \strlen($raw) || !str_starts_with($encoded, '$2')) && password_verify($raw, $encoded);
         }
 
         if (\function_exists('sodium_crypto_pwhash_str_verify')) {
diff --git a/Core/composer.json b/Core/composer.json
@@ -18,6 +18,7 @@
     "require": {
         "php": ">=7.1.3",
         "symfony/event-dispatcher-contracts": "^1.1|^2",
+        "symfony/polyfill-php80": "^1.16",
         "symfony/service-contracts": "^1.1.6|^2"
     },
     "require-dev": {
diff --git a/Csrf/TokenStorage/SessionTokenStorage.php b/Csrf/TokenStorage/SessionTokenStorage.php
@@ -98,7 +98,7 @@ public function removeToken($tokenId)
     public function clear()
     {
         foreach (array_keys($this->session->all()) as $key) {
-            if (0 === strpos($key, $this->namespace.'/')) {
+            if (str_starts_with($key, $this->namespace.'/')) {
                 $this->session->remove($key);
             }
         }
diff --git a/Csrf/composer.json b/Csrf/composer.json
@@ -17,6 +17,7 @@
     ],
     "require": {
         "php": ">=7.1.3",
+        "symfony/polyfill-php80": "^1.16",
         "symfony/security-core": "^3.4|^4.0|^5.0"
     },
     "require-dev": {
diff --git a/Http/Firewall/ChannelListener.php b/Http/Firewall/ChannelListener.php
@@ -51,7 +51,7 @@ public function supports(Request $request): ?bool
             if (null !== $this->logger) {
                 if ('https' === $request->headers->get('X-Forwarded-Proto')) {
                     $this->logger->info('Redirecting to HTTPS. ("X-Forwarded-Proto" header is set to "https" - did you set "trusted_proxies" correctly?)');
-                } elseif (false !== strpos($request->headers->get('Forwarded'), 'proto=https')) {
+                } elseif (str_contains($request->headers->get('Forwarded'), 'proto=https')) {
                     $this->logger->info('Redirecting to HTTPS. ("Forwarded" header is set to "proto=https" - did you set "trusted_proxies" correctly?)');
                 } else {
                     $this->logger->info('Redirecting to HTTPS.');
diff --git a/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
@@ -82,8 +82,8 @@ public function __construct(TokenStorageInterface $tokenStorage, AuthenticationM
 
     public function supports(Request $request): ?bool
     {
-        if (false === strpos($request->getRequestFormat() ?? '', 'json')
-            && false === strpos($request->getContentType() ?? '', 'json')
+        if (!str_contains($request->getRequestFormat() ?? '', 'json')
+            && !str_contains($request->getContentType() ?? '', 'json')
         ) {
             return false;
         }
diff --git a/Http/HttpUtils.php b/Http/HttpUtils.php
@@ -149,7 +149,7 @@ public function checkRequestPath(Request $request, $path)
      */
     public function generateUri($request, $path)
     {
-        if (0 === strpos($path, 'http') || !$path) {
+        if (str_starts_with($path, 'http') || !$path) {
             return $path;
         }
 
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php
@@ -260,7 +260,7 @@ protected function decodeCookie($rawCookie)
     protected function encodeCookie(array $cookieParts)
     {
         foreach ($cookieParts as $cookiePart) {
-            if (false !== strpos($cookiePart, self::COOKIE_DELIMITER)) {
+            if (str_contains($cookiePart, self::COOKIE_DELIMITER)) {
                 throw new \InvalidArgumentException(sprintf('$cookieParts should not contain the cookie delimiter "%s".', self::COOKIE_DELIMITER));
             }
         }
diff --git a/Http/composer.json b/Http/composer.json
@@ -20,6 +20,7 @@
         "symfony/security-core": "^4.4.8",
         "symfony/http-foundation": "^3.4.40|^4.4.7|^5.0.7",
         "symfony/http-kernel": "^4.4",
+        "symfony/polyfill-php80": "^1.16",
         "symfony/property-access": "^3.4|^4.0|^5.0"
     },
     "require-dev": {
diff --git a/composer.json b/composer.json
@@ -20,6 +20,7 @@
         "symfony/event-dispatcher-contracts": "^1.1|^2",
         "symfony/http-foundation": "^3.4.40|^4.4.7|^5.0.7",
         "symfony/http-kernel": "^4.4",
+        "symfony/polyfill-php80": "^1.16",
         "symfony/property-access": "^3.4|^4.0|^5.0",
         "symfony/service-contracts": "^1.1|^2"
     },

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public function vote(TokenInterface $token, $subject, array $attributes)`
`41`	`41`	`$attribute = $attribute->getRole();`
`42`	`42`	`}`
`43`	`43`
`44`		`- if (!\is_string($attribute) \|\| 0 !== strpos($attribute, $this->prefix)) {`
	`44`	`+ if (!\is_string($attribute) \|\| !str_starts_with($attribute, $this->prefix)) {`
`45`	`45`	`continue;`
`46`	`46`	`}`
`47`	`47`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ public function isPasswordValid($encoded, $raw, $salt)`
`83`	`83`	`{`
`84`	`84`	`// If $encoded was created via "sodium_crypto_pwhash_str()", the hashing algorithm may be "argon2id" instead of "argon2i".`
`85`	`85`	`// In this case, "password_verify()" cannot be used.`
`86`		`- if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I') && (false === strpos($encoded, '$argon2id$'))) {`
	`86`	`+ if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I') && (!str_contains($encoded, '$argon2id$'))) {`
`87`	`87`	`return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);`
`88`	`88`	`}`
`89`	`89`	`if (\function_exists('sodium_crypto_pwhash_str_verify')) {`
Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ public function encodePassword($raw, $salt)`
`73`	`73`	`*/`
`74`	`74`	`public function isPasswordValid($encoded, $raw, $salt)`
`75`	`75`	`{`
`76`		`- if (\strlen($encoded) !== $this->encodedLength \|\| false !== strpos($encoded, '$')) {`
	`76`	`+ if (\strlen($encoded) !== $this->encodedLength \|\| str_contains($encoded, '$')) {`
`77`	`77`	`return false;`
`78`	`78`	`}`
`79`	`79`
Original file line number	Diff line number	Diff line change
`@@ -97,9 +97,9 @@ public function isPasswordValid($encoded, $raw, $salt): bool`
`97`	`97`	`return false;`
`98`	`98`	`}`
`99`	`99`
`100`		`- if (0 !== strpos($encoded, '$argon')) {`
	`100`	`+ if (!str_starts_with($encoded, '$argon')) {`
`101`	`101`	`// BCrypt encodes only the first 72 chars`
`102`		`- return (72 >= \strlen($raw) \|\| 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);`
	`102`	`+ return (72 >= \strlen($raw) \|\| !str_starts_with($encoded, '$2')) && password_verify($raw, $encoded);`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`if (\extension_loaded('sodium') && version_compare(\SODIUM_LIBRARY_VERSION, '1.0.14', '>=')) {`
Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ public function encodePassword($raw, $salt)`
`80`	`80`	`*/`
`81`	`81`	`public function isPasswordValid($encoded, $raw, $salt)`
`82`	`82`	`{`
`83`		`- if (\strlen($encoded) !== $this->encodedLength \|\| false !== strpos($encoded, '$')) {`
	`83`	`+ if (\strlen($encoded) !== $this->encodedLength \|\| str_contains($encoded, '$')) {`
`84`	`84`	`return false;`
`85`	`85`	`}`
`86`	`86`
Original file line number	Diff line number	Diff line change
`@@ -84,9 +84,9 @@ public function isPasswordValid($encoded, $raw, $salt): bool`
`84`	`84`	`return false;`
`85`	`85`	`}`
`86`	`86`
`87`		`- if (0 !== strpos($encoded, '$argon')) {`
	`87`	`+ if (!str_starts_with($encoded, '$argon')) {`
`88`	`88`	`// Accept validating non-argon passwords for seamless migrations`
`89`		`- return (72 >= \strlen($raw) \|\| 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);`
	`89`	`+ return (72 >= \strlen($raw) \|\| !str_starts_with($encoded, '$2')) && password_verify($raw, $encoded);`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`if (\function_exists('sodium_crypto_pwhash_str_verify')) {`
Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,7 @@ public function removeToken($tokenId)`
`98`	`98`	`public function clear()`
`99`	`99`	`{`
`100`	`100`	`foreach (array_keys($this->session->all()) as $key) {`
`101`		`- if (0 === strpos($key, $this->namespace.'/')) {`
	`101`	`+ if (str_starts_with($key, $this->namespace.'/')) {`
`102`	`102`	`$this->session->remove($key);`
`103`	`103`	`}`
`104`	`104`	`}`