Security update for Core, with self-updated composer

[yaffs-website] / vendor / symfony / dependency-injection / Loader / IniFileLoader.php

diff --git a/vendor/symfony/dependency-injection/Loader/IniFileLoader.php b/vendor/symfony/dependency-injection/Loader/IniFileLoader.php
index 16ddf87f851123aa1087c61c715e599c3adf20e0..9fea56be1b22dfef798d0da1790b2f3b24c73d24 100644 (file)
--- a/vendor/symfony/dependency-injection/Loader/IniFileLoader.php
+++ b/vendor/symfony/dependency-injection/Loader/IniFileLoader.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\DependencyInjection\Loader;
 
 use Symfony\Component\Config\Resource\FileResource;
+use Symfony\Component\Config\Util\XmlUtils;
 use Symfony\Component\DependencyInjection\Exception\InvalidArgumentException;
 
 /**
@@ -30,14 +31,18 @@ class IniFileLoader extends FileLoader
 
         $this->container->addResource(new FileResource($path));
 
+        // first pass to catch parsing errors
         $result = parse_ini_file($path, true);
         if (false === $result || array() === $result) {
             throw new InvalidArgumentException(sprintf('The "%s" file is not valid.', $resource));
         }
 
+        // real raw parsing
+        $result = parse_ini_file($path, true, INI_SCANNER_RAW);
+
         if (isset($result['parameters']) && is_array($result['parameters'])) {
             foreach ($result['parameters'] as $key => $value) {
-                $this->container->setParameter($key, $value);
+                $this->container->setParameter($key, $this->phpize($value));
             }
         }
     }
@@ -49,4 +54,33 @@ class IniFileLoader extends FileLoader
     {
         return is_string($resource) && 'ini' === pathinfo($resource, PATHINFO_EXTENSION);
     }
+
+    /**
+     * Note that the following features are not supported:
+     *  * strings with escaped quotes are not supported "foo\"bar";
+     *  * string concatenation ("foo" "bar").
+     */
+    private function phpize($value)
+    {
+        // trim on the right as comments removal keep whitespaces
+        $value = rtrim($value);
+        $lowercaseValue = strtolower($value);
+
+        switch (true) {
+            case defined($value):
+                return constant($value);
+            case 'yes' === $lowercaseValue || 'on' === $lowercaseValue:
+                return true;
+            case 'no' === $lowercaseValue || 'off' === $lowercaseValue || 'none' === $lowercaseValue:
+                return false;
+            case isset($value[1]) && (
+                ("'" === $value[0] && "'" === $value[strlen($value) - 1]) ||
+                ('"' === $value[0] && '"' === $value[strlen($value) - 1])
+            ):
+                // quoted string
+                return substr($value, 1, -1);
+            default:
+                return XmlUtils::phpize($value);
+        }
+    }
 }