Security update for Core, with self-updated composer

[yaffs-website] / vendor / symfony / routing / Loader / AnnotationFileLoader.php

diff --git a/vendor/symfony/routing/Loader/AnnotationFileLoader.php b/vendor/symfony/routing/Loader/AnnotationFileLoader.php
index b8fc03615f96859f78d99f32c3b5fcd0668c858d..22edc867137656483ea9dcb67c08a6cd0be0cf3e 100644 (file)
--- a/vendor/symfony/routing/Loader/AnnotationFileLoader.php
+++ b/vendor/symfony/routing/Loader/AnnotationFileLoader.php
@@ -64,7 +64,7 @@ class AnnotationFileLoader extends FileLoader
             $collection->addResource(new FileResource($path));
             $collection->addCollection($this->loader->load($class, $type));
         }
-        if (PHP_VERSION_ID >= 70000) {
+        if (\PHP_VERSION_ID >= 70000) {
             // PHP 7 memory manager will not release after token_get_all(), see https://bugs.php.net/70098
             gc_mem_caches();
         }
@@ -92,6 +92,11 @@ class AnnotationFileLoader extends FileLoader
         $class = false;
         $namespace = false;
         $tokens = token_get_all(file_get_contents($file));
+
+        if (1 === count($tokens) && T_INLINE_HTML === $tokens[0][0]) {
+            throw new \InvalidArgumentException(sprintf('The file "%s" does not contain PHP code. Did you forgot to add the "<?php" start tag at the beginning of the file?', $file));
+        }
+
         for ($i = 0; isset($tokens[$i]); ++$i) {
             $token = $tokens[$i];