Skip to content

[HttpKernel] Prevent TypeError for out-of-range route parameters #61458

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: 7.4
Choose a base branch
from
Open

[HttpKernel] Prevent TypeError for out-of-range route parameters #61458

wants to merge 4 commits into from
+324 −1

Conversation

mudassaralichouhan
Copy link

@mudassaralichouhan mudassaralichouhan commented Aug 19, 2025
edited
Loading

Q A
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #61451
License MIT
Doc PR N/A

This PR fixes issue #61451 by introducing a new RequestAttributeScalarValueResolver that safely casts request attributes (route parameters) to scalar types (int, float, bool, string, or \BackedEnum).

If a value cannot be safely cast (e.g. 9223372036854775808 for an int), a NotFoundHttpException (404) is thrown before reaching the controller, avoiding a TypeError.

Changes:

  • Added: RequestAttributeScalarValueResolver (registered with high priority)
  • Tests: Unit and functional tests for valid, invalid, and out-of-range int values
  • Config: Functional test app with a /{id} route expecting int $id
  • Docs: CHANGELOG.md entry under 7.4

This makes route handling safer and more predictable for typed controllers.

@mudassaralichouhan
Prevent type error on invalid or out-of-range route params by adding …
d35ff3a 
…RequestAttributeScalarValueResolver

- Added RequestAttributeScalarValueResolver to safely resolve typed scalar arguments and throw 404 on invalid input
- Registered resolver with high priority before raw attribute resolver
- Added unit and functional tests for int route param edge cases
- Documented behavior in Routing CHANGELOG
@carsonbot carsonbot added this to the 7.4 milestone Aug 19, 2025
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 7.4 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@carsonbot carsonbot changed the title Prevent TypeError for out-of-range route parameters (Fixes #61451) Prevent TypeError for out-of-range route parameters (Fixes #61451) Aug 19, 2025
nicolas-grekas
nicolas-grekas reviewed Aug 19, 2025
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For enums, this looks already covered by BackedEnumValueResolver
For other scalar types, I'd suggest implementing this in RequestAttributeValueResolver

@carsonbot carsonbot changed the title Prevent TypeError for out-of-range route parameters (Fixes #61451) [HttpKernel] Prevent TypeError for out-of-range route parameters (Fixes #61451) Aug 19, 2025
@nicolas-grekas nicolas-grekas changed the title [HttpKernel] Prevent TypeError for out-of-range route parameters (Fixes #61451) [HttpKernel] Prevent TypeError for out-of-range route parameters Aug 19, 2025
@stof
Copy link
Member

stof commented Aug 19, 2025

Btw, the implementation in RequestAttributeValueResolver should probably use the right getter of the ParameterBag instead of reimplementing the conversion logic in the value resolver after using get.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas left review comments

@stof stof stof left review comments

Assignees
No one assigned
Labels
HttpKernel Status: Needs Review
Projects
None yet
Milestone
7.4
Development

Successfully merging this pull request may close these issues.
4 participants
@mudassaralichouhan @carsonbot @stof @nicolas-grekas