Merge branch '5.4' into 6.4

* 5.4: Do not read from argv on non-CLI SAPIs [Process] Use %PATH% before %CD% to load the shell on Windows [HttpFoundation] Reject URIs that contain invalid characters [HttpClient] Filter private IPs before connecting when Host == IP
symfony · Nov 5, 2024 · 4facd41 · 4facd41
2 parents 033988f + 443f7d2
commit 4facd41
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 7 deletions.
diff --git a/SymfonyRuntime.php b/SymfonyRuntime.php
@@ -95,7 +95,7 @@ public function __construct(array $options = [])
 
         if (isset($options['env'])) {
             $_SERVER[$envKey] = $options['env'];
-        } elseif (isset($_SERVER['argv']) && class_exists(ArgvInput::class)) {
+        } elseif (empty($_GET) && isset($_SERVER['argv']) && class_exists(ArgvInput::class)) {
             $this->options = $options;
             $this->getInput();
         }
@@ -203,6 +203,10 @@ protected static function register(GenericRuntime $runtime): GenericRuntime
 
     private function getInput(): ArgvInput
     {
+        if (!empty($_GET) && filter_var(ini_get('register_argc_argv'), \FILTER_VALIDATE_BOOL)) {
+            throw new \Exception('CLI applications cannot be run safely on non-CLI SAPIs with register_argc_argv=On.');
+        }
+
         if (isset($this->input)) {
             return $this->input;
         }

diff --git a/Tests/phpt/kernel-loop.phpt b/Tests/phpt/kernel-loop.phpt
@@ -11,6 +11,6 @@ require __DIR__.'/kernel-loop.php';
 
 ?>
 --EXPECTF--
-OK Kernel foo_bar
-OK Kernel foo_bar
+OK Kernel (env=dev) foo_bar
+OK Kernel (env=dev) foo_bar
 0
diff --git a/Tests/phpt/kernel.php b/Tests/phpt/kernel.php
@@ -17,17 +17,19 @@
 
 class TestKernel implements HttpKernelInterface
 {
+    private string $env;
     private string $var;
 
-    public function __construct(string $var)
+    public function __construct(string $env, string $var)
     {
+        $this->env = $env;
         $this->var = $var;
     }
 
     public function handle(Request $request, $type = self::MAIN_REQUEST, $catch = true): Response
     {
-        return new Response('OK Kernel '.$this->var);
+        return new Response('OK Kernel (env='.$this->env.') '.$this->var);
     }
 }
 
-return fn (array $context) => new TestKernel($context['SOME_VAR']);
+return fn (array $context) => new TestKernel($context['APP_ENV'], $context['SOME_VAR']);
diff --git a/Tests/phpt/kernel.phpt b/Tests/phpt/kernel.phpt
@@ -9,4 +9,4 @@ require $_SERVER['SCRIPT_FILENAME'] = __DIR__.'/kernel.php';
 
 ?>
 --EXPECTF--
-OK Kernel foo_bar
+OK Kernel (env=dev) foo_bar
diff --git a/Tests/phpt/kernel_register_argc_argv.phpt b/Tests/phpt/kernel_register_argc_argv.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Test HttpKernelInterface with register_argc_argv=1
+--INI--
+display_errors=1
+register_argc_argv=1
+--FILE--
+<?php
+
+// emulating PHP behavior with register_argc_argv=1
+$_GET['-e_test'] = '';
+$_SERVER['argc'] = 1;
+$_SERVER['argv'] = [' ', '-e', 'test'];
+
+require $_SERVER['SCRIPT_FILENAME'] = __DIR__.'/kernel.php';
+
+?>
+--EXPECTF--
+OK Kernel (env=dev) foo_bar