Merge branch '2.7' into 2.8

* 2.7: [VarDumper] Enhance docblock to tell about AbstractDumper::dumpLine(-1) [Debug] Remove false-positive check in DebugClassLoader [Validator] Fix use of GroupSequenceProvider in child classes Change number PHPDoc type to int|float [VarDumper] Strengthen dumped JS [travis] Add timing info [Validator] Fix Greek translation [Console] Initialize lazily to render exceptions properly [Validator] Add a property tag for File::$maxSize
[Debug] Remove false-positive check in DebugClassLoader
2026-03-25 17:52:07 +01:00 · 2017-08-27 07:29:03 -07:00 · 2017-08-27 10:27:28 +02:00 · 2017-07-28 17:21:22 +02:00 · 2017-07-26 22:00:18 +02:00 · 2017-07-26 17:00:11 +02:00
4 changed files with 27 additions and 3 deletions
--- a/DebugClassLoader.php
+++ b/DebugClassLoader.php
@@ -26,6 +26,7 @@ class DebugClassLoader
 {
    private $classLoader;
    private $isFinder;
+    private $loaded = array();
    private $wasFinder;
    private static $caseCheck;
    private static $deprecated = array();
@@ -164,9 +165,10 @@ class DebugClassLoader
        ErrorHandler::stackErrors();

        try {
-            if ($this->isFinder) {
+            if ($this->isFinder && !isset($this->loaded[$class])) {
+                $this->loaded[$class] = true;
                if ($file = $this->classLoader[0]->findFile($class)) {
-                    require_once $file;
+                    require $file;
                }
            } else {
                call_user_func($this->classLoader, $class);
--- a/ExceptionHandler.php
+++ b/ExceptionHandler.php
@@ -442,7 +442,7 @@ EOF;
                $formattedValue = str_replace("\n", '', var_export($this->escapeHtml((string) $item[1]), true));
            }

-            $result[] = is_int($key) ? $formattedValue : sprintf("'%s' => %s", $key, $formattedValue);
+            $result[] = is_int($key) ? $formattedValue : sprintf("'%s' => %s", $this->escapeHtml($key), $formattedValue);
        }

        return implode(', ', $result);
--- a/Tests/DebugClassLoaderTest.php
+++ b/Tests/DebugClassLoaderTest.php
@@ -59,6 +59,23 @@ class DebugClassLoaderTest extends TestCase
        $this->fail('DebugClassLoader did not register');
    }

+    /**
+     * @expectedException \Exception
+     * @expectedExceptionMessage boo
+     */
+    public function testThrowingClass()
+    {
+        try {
+            class_exists(__NAMESPACE__.'\Fixtures\Throwing');
+            $this->fail('Exception expected');
+        } catch (\Exception $e) {
+            $this->assertSame('boo', $e->getMessage());
+        }
+
+        // the second call also should throw
+        class_exists(__NAMESPACE__.'\Fixtures\Throwing');
+    }
+
    public function testUnsilencing()
    {
        if (\PHP_VERSION_ID >= 70000) {
@@ -128,6 +145,7 @@ class DebugClassLoaderTest extends TestCase

    /**
     * @expectedException \RuntimeException
+     * @expectedExceptionMessage Case mismatch between loaded and declared class names
     */
    public function testNameCaseMismatch()
    {
@@ -149,6 +167,7 @@ class DebugClassLoaderTest extends TestCase

    /**
     * @expectedException \RuntimeException
+     * @expectedExceptionMessage Case mismatch between loaded and declared class names
     */
    public function testPsr4CaseMismatch()
    {
--- a/Tests/Fixtures/Throwing.php
+++ b/Tests/Fixtures/Throwing.php
@@ -0,0 +1,3 @@
+<?php
+
+throw new \Exception('boo');
Author	SHA1	Message	Date
Fabien Potencier	efc9656dcb	Merge branch '2.7' into 2.8 * 2.7: [VarDumper] Enhance docblock to tell about AbstractDumper::dumpLine(-1) [Debug] Remove false-positive check in DebugClassLoader [Validator] Fix use of GroupSequenceProvider in child classes Change number PHPDoc type to int\|float [VarDumper] Strengthen dumped JS [travis] Add timing info [Validator] Fix Greek translation [Console] Initialize lazily to render exceptions properly [Validator] Add a property tag for File::$maxSize	2017-08-27 07:29:03 -07:00
Nicolas Grekas	f45a908634	[Debug] Remove false-positive check in DebugClassLoader	2017-08-27 10:27:28 +02:00
Nicolas Grekas	236ca98a42	Merge branch '2.7' into 2.8 * 2.7: [DI] Remove unused props from the PhpDumper [ProxyManager] Cleanup fixtures [Debug] HTML-escape array key Add some phpdocs for IDE autocompletion and better SCA	2017-07-28 17:21:22 +02:00
Nicolas Grekas	0946243775	bug #23684 [Debug] Missing escape in debug output (c960657) This PR was merged into the 2.7 branch. Discussion ---------- [Debug] Missing escape in debug output \| Q \| A \| ------------- \| --- \| Branch? \| 2.7 \| Bug fix? \| yes \| New feature? \| no \| BC breaks? \| no \| Deprecations? \| no \| Tests pass? \| yes \| Fixed tickets \| \| License \| MIT \| Doc PR \| When pretty-printing an exception, the debug handler does not properly escape array keys. The problem only occurs when debug output is enabled, so this is not considered a [security issue](http://symfony.com/doc/current/contributing/code/security.html) (according to @fabpot), because the debug tools [should not be used in production](https://symfony.com/doc/current/components/debug.html#usage). A test for this is included in my patch for #18722. Commits ------- 636777d [Debug] HTML-escape array key	2017-07-26 22:00:18 +02:00
Christian Schmidt	e1ce6a4ded	[Debug] HTML-escape array key	2017-07-26 17:00:11 +02:00