Security update for Core, with self-updated composer

[yaffs-website] / vendor / symfony / http-kernel / Fragment / AbstractSurrogateFragmentRenderer.php

diff --git a/vendor/symfony/http-kernel/Fragment/AbstractSurrogateFragmentRenderer.php b/vendor/symfony/http-kernel/Fragment/AbstractSurrogateFragmentRenderer.php
index 1968001a86b9864cbae644c61a48fbe5ea0079d4..0d4d26b6765c6b5c4f9124d66cb580a23b69b1b9 100644 (file)
--- a/vendor/symfony/http-kernel/Fragment/AbstractSurrogateFragmentRenderer.php
+++ b/vendor/symfony/http-kernel/Fragment/AbstractSurrogateFragmentRenderer.php
@@ -64,6 +64,10 @@ abstract class AbstractSurrogateFragmentRenderer extends RoutableFragmentRendere
     public function render($uri, Request $request, array $options = array())
     {
         if (!$this->surrogate || !$this->surrogate->hasSurrogateCapability($request)) {
+            if ($uri instanceof ControllerReference && $this->containsNonScalars($uri->attributes)) {
+                @trigger_error('Passing non-scalar values as part of URI attributes to the ESI and SSI rendering strategies is deprecated since version 3.1, and will be removed in 4.0. Use a different rendering strategy or pass scalar values.', E_USER_DEPRECATED);
+            }
+
             return $this->inlineStrategy->render($uri, $request, $options);
         }
 
@@ -92,4 +96,17 @@ abstract class AbstractSurrogateFragmentRenderer extends RoutableFragmentRendere
 
         return substr($fragmentUri, strlen($request->getSchemeAndHttpHost()));
     }
+
+    private function containsNonScalars(array $values)
+    {
+        foreach ($values as $value) {
+            if (is_array($value) && $this->containsNonScalars($value)) {
+                return true;
+            } elseif (!is_scalar($value) && null !== $value) {
+                return true;
+            }
+        }
+
+        return false;
+    }
 }