Skip to content

It is possible to pass request parameters of any type to the Symfony web crawler #37740

New issue
New issue
Closed
#38417
#37755
Closed
It is possible to pass request parameters of any type to the Symfony web crawler#37740
#38417
#37755
Labels
BrowserKitBugGood first issueIdeal for your first contribution! (some Symfony experience may be required)Help wantedIssues and PRs which are looking for volunteers to complete them.Status: Needs Review
@rgeraads

Description

@rgeraads
rgeraads
opened on Aug 5, 2020

Symfony version(s) affected: 5.1

Description
It is possible to pass request parameters of any type to the Symfony web crawler, something that's not possible in actual requests.

How to reproduce
On the sending end:

        $client = static::createClient();
        $client->request('POST', '/endpoint', [
            'foo' => 'bar',
            'baz' => 1.1,
            'boz' => Uuid::uuid4(),
        ]);

On the receiving end:

        var_dump($request->get('foo')); // 'bar'
        var_dump($request->get('baz')); // 1.1
        var_dump($request->get('boz')); // object(Ramsey\Uuid\Lazy\LazyUuidFromString)

Possible Solution
Values in the request parameters should be restricted to strings. Any other type should result in an error.

Metadata

Metadata

Assignees

No one assigned

    Labels

    BrowserKitBugGood first issueIdeal for your first contribution! (some Symfony experience may be required)Help wantedIssues and PRs which are looking for volunteers to complete them.Status: Needs Review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions