-
-
Notifications
You must be signed in to change notification settings - Fork 9.6k
Labels
BrowserKitBugGood first issueIdeal for your first contribution! (some Symfony experience may be required)Ideal for your first contribution! (some Symfony experience may be required)Help wantedIssues and PRs which are looking for volunteers to complete them.Issues and PRs which are looking for volunteers to complete them.Status: Needs Review
Description
Symfony version(s) affected: 5.1
Description
It is possible to pass request parameters of any type to the Symfony web crawler, something that's not possible in actual requests.
How to reproduce
On the sending end:
$client = static::createClient();
$client->request('POST', '/endpoint', [
'foo' => 'bar',
'baz' => 1.1,
'boz' => Uuid::uuid4(),
]);
On the receiving end:
var_dump($request->get('foo')); // 'bar'
var_dump($request->get('baz')); // 1.1
var_dump($request->get('boz')); // object(Ramsey\Uuid\Lazy\LazyUuidFromString)
Possible Solution
Values in the request parameters should be restricted to strings. Any other type should result in an error.
Metadata
Metadata
Assignees
Labels
BrowserKitBugGood first issueIdeal for your first contribution! (some Symfony experience may be required)Ideal for your first contribution! (some Symfony experience may be required)Help wantedIssues and PRs which are looking for volunteers to complete them.Issues and PRs which are looking for volunteers to complete them.Status: Needs Review