From 5c4618cc819dfd60b82dee650425fcd68f272dd0 Mon Sep 17 00:00:00 2001 From: matlec Date: Thu, 21 Aug 2025 15:09:57 +0200 Subject: [PATCH 1/4] [Security] Ignore target route when exiting impersonation --- .../Security/Http/Firewall/SwitchUserListener.php | 2 +- .../Tests/Firewall/SwitchUserListenerTest.php | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php index c9cf9d7d26051..8093325b346e4 100644 --- a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php @@ -124,7 +124,7 @@ public function authenticate(RequestEvent $event): void if (!$this->stateless) { $request->query->remove($this->usernameParameter); $request->server->set('QUERY_STRING', http_build_query($request->query->all(), '', '&')); - $response = new RedirectResponse($this->urlGenerator && $this->targetRoute ? $this->urlGenerator->generate($this->targetRoute) : $request->getUri(), 302); + $response = new RedirectResponse($this->urlGenerator && $this->targetRoute && self::EXIT_VALUE !== $username ? $this->urlGenerator->generate($this->targetRoute) : $request->getUri(), 302); $event->setResponse($response); } diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php index 32b5b3e5bad00..daf8582c7fc3a 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php @@ -17,6 +17,7 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Event\RequestEvent; use Symfony\Component\HttpKernel\HttpKernelInterface; +use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage; use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -105,6 +106,20 @@ public function testExitUserUpdatesToken() $this->assertSame($originalToken, $this->tokenStorage->getToken()); } + public function testExitUserDoesNotRedirectToTargetRoute() + { + $originalToken = new UsernamePasswordToken(new InMemoryUser('username', '', []), 'key', []); + $this->tokenStorage->setToken(new SwitchUserToken(new InMemoryUser('username', '', ['ROLE_USER']), 'key', ['ROLE_USER'], $originalToken)); + + $this->request->query->set('_switch_user', SwitchUserListener::EXIT_VALUE); + + $listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, urlGenerator: $this->createMock(UrlGeneratorInterface::class), targetRoute: 'whatever'); + $listener($this->event); + + $this->assertInstanceOf(RedirectResponse::class, $this->event->getResponse()); + $this->assertSame($this->request->getUri(), $this->event->getResponse()->getTargetUrl()); + } + public function testExitUserDispatchesEventWithRefreshedUser() { $originalUser = new InMemoryUser('username', null); From 76a03799b8eab9154ff8fee9c8ce164c0a7d9350 Mon Sep 17 00:00:00 2001 From: Yurguis Garcia Date: Thu, 21 Aug 2025 15:23:36 -0400 Subject: [PATCH 2/4] [Security][Validator] Review translations. --- .../Security/Core/Resources/translations/security.es.xlf | 2 +- .../Validator/Resources/translations/validators.es.xlf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.es.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.es.xlf index e8af87e5bb9c8..d1ebb1e343485 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.es.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.es.xlf @@ -76,7 +76,7 @@ Too many failed login attempts, please try again in %minutes% minutes. - Demasiados intentos fallidos de inicio de sesión, inténtelo de nuevo en %minutes% minutos. + Demasiados intentos fallidos de inicio de sesión, inténtelo de nuevo en %minutes% minutos. diff --git a/src/Symfony/Component/Validator/Resources/translations/validators.es.xlf b/src/Symfony/Component/Validator/Resources/translations/validators.es.xlf index a9ad8a76b11e9..0d47977dec685 100644 --- a/src/Symfony/Component/Validator/Resources/translations/validators.es.xlf +++ b/src/Symfony/Component/Validator/Resources/translations/validators.es.xlf @@ -468,7 +468,7 @@ This value is not a valid Twig template. - Este valor no es una plantilla Twig válida. + Este valor no es una plantilla Twig válida. From b08751e1051c87832d99517de696bf0ba06626d8 Mon Sep 17 00:00:00 2001 From: matlec Date: Fri, 22 Aug 2025 11:58:45 +0200 Subject: [PATCH 3/4] [Console] Fix testing multiline question --- src/Symfony/Component/Console/Helper/QuestionHelper.php | 6 +++++- src/Symfony/Component/Console/Tester/TesterTrait.php | 4 ++++ .../Component/Console/Tests/Helper/QuestionHelperTest.php | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Console/Helper/QuestionHelper.php b/src/Symfony/Component/Console/Helper/QuestionHelper.php index 3d9091d2b0f55..593b01b39da85 100644 --- a/src/Symfony/Component/Console/Helper/QuestionHelper.php +++ b/src/Symfony/Component/Console/Helper/QuestionHelper.php @@ -527,12 +527,16 @@ private function readInput($inputStream, Question $question): string|false $ret = ''; $cp = $this->setIOCodepage(); while (false !== ($char = fgetc($multiLineStreamReader))) { - if (\PHP_EOL === "{$ret}{$char}") { + if ("\x4" === $char || \PHP_EOL === "{$ret}{$char}") { break; } $ret .= $char; } + if (stream_get_meta_data($inputStream)['seekable']) { + fseek($inputStream, ftell($multiLineStreamReader)); + } + return $this->resetIOCodepage($cp, $ret); } diff --git a/src/Symfony/Component/Console/Tester/TesterTrait.php b/src/Symfony/Component/Console/Tester/TesterTrait.php index 1ab7a70aa22d9..127556d1db842 100644 --- a/src/Symfony/Component/Console/Tester/TesterTrait.php +++ b/src/Symfony/Component/Console/Tester/TesterTrait.php @@ -169,6 +169,10 @@ private static function createStream(array $inputs) foreach ($inputs as $input) { fwrite($stream, $input.\PHP_EOL); + + if (str_contains($input, \PHP_EOL)) { + fwrite($stream, "\x4"); + } } rewind($stream); diff --git a/src/Symfony/Component/Console/Tests/Helper/QuestionHelperTest.php b/src/Symfony/Component/Console/Tests/Helper/QuestionHelperTest.php index 42da50273b066..651ae5f103b65 100644 --- a/src/Symfony/Component/Console/Tests/Helper/QuestionHelperTest.php +++ b/src/Symfony/Component/Console/Tests/Helper/QuestionHelperTest.php @@ -519,7 +519,7 @@ public function testAskMultilineResponseWithWithCursorInMiddleOfSeekableInputStr $question->setMultiline(true); $this->assertSame("some\ninput", $dialog->ask($this->createStreamableInputInterfaceMock($response), $this->createOutputInterface(), $question)); - $this->assertSame(8, ftell($response)); + $this->assertSame(18, ftell($response)); } /** From 6042edebde438891574fcbed0d2c00c0b9670c0d Mon Sep 17 00:00:00 2001 From: Ruud Kamphuis Date: Fri, 22 Aug 2025 14:33:20 +0200 Subject: [PATCH 4/4] [String] Fix nodes singular Before it would suggest nod. It should be node. --- src/Symfony/Component/String/Inflector/EnglishInflector.php | 6 ++++++ .../String/Tests/Inflector/EnglishInflectorTest.php | 2 ++ 2 files changed, 8 insertions(+) diff --git a/src/Symfony/Component/String/Inflector/EnglishInflector.php b/src/Symfony/Component/String/Inflector/EnglishInflector.php index 7224b4713e3ce..b9d74c004eb65 100644 --- a/src/Symfony/Component/String/Inflector/EnglishInflector.php +++ b/src/Symfony/Component/String/Inflector/EnglishInflector.php @@ -25,6 +25,9 @@ final class EnglishInflector implements InflectorInterface // Fourth entry: Whether the suffix may succeed a consonant // Fifth entry: singular suffix, normal + // nodes (node) + ['sedon', 5, true, true, 'node'], + // bacteria (bacterium) ['airetcab', 8, true, true, 'bacterium'], @@ -202,6 +205,9 @@ final class EnglishInflector implements InflectorInterface // Fourth entry: Whether the suffix may succeed a consonant // Fifth entry: plural suffix, normal + // nodes (node) + ['edon', 4, true, true, 'nodes'], + // axes (axis) ['sixa', 4, false, false, 'axes'], diff --git a/src/Symfony/Component/String/Tests/Inflector/EnglishInflectorTest.php b/src/Symfony/Component/String/Tests/Inflector/EnglishInflectorTest.php index 789a73d965e53..e3b35cbc8dfb5 100644 --- a/src/Symfony/Component/String/Tests/Inflector/EnglishInflectorTest.php +++ b/src/Symfony/Component/String/Tests/Inflector/EnglishInflectorTest.php @@ -123,6 +123,7 @@ public static function singularizeProvider() ['nebulae', 'nebula'], ['neuroses', ['neuros', 'neurose', 'neurosis']], ['news', 'news'], + ['nodes', 'node'], ['oases', ['oas', 'oase', 'oasis']], ['objectives', 'objective'], ['outages', 'outage'], @@ -281,6 +282,7 @@ public static function pluralizeProvider() ['nebula', 'nebulae'], ['neurosis', 'neuroses'], ['news', 'news'], + ['node', 'nodes'], ['oasis', 'oases'], ['objective', 'objectives'], ['ox', 'oxen'],