Symfony version(s) affected: 5.2-dev
Description
As mentioned in https://github.com/symfony/symfony/pull/37218/files#r471609509, the current implementation of MongoDbStore::skimUri() may silently corrupt a MongoDB connection string by stripping repeated readPreferenceTags keys in a query string (permitted use case, as mentioned in the URI options spec).
How to reproduce
An example connection string is:
mongodb://rs.example.com/?readPreference=secondaryPreferred&readPreferenceTags=dc:foo&readPreferenceTags=dc:bar
After MongoDbStore::skimUri() processes this string, only a single readPreferenceTags option would remain.
Possible Solution
I think it would be preferable to capture the URI option with a regular expression and then, if anything was found, strip it from the returned string. While collection names have their own restrictions, for purposes of URI parsing I think it'd be suitable to use a pattern like /collection=([^&]*)/i (case-insensitive and only stopping at the end of a string or a & character that might precede the next key).
Additional context
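The difference between the two approaches discussed in this issue, as an added example that is not part of the original report and is not Symfony's code. It assumes the lossy path round-trips the query string through parse_str() and http_build_query(); the function names skimViaParseStr and skimViaRegex are hypothetical, the collection=locks option is constructed for the demonstration, and the regex is anchored on the preceding ? or &, which goes slightly beyond the pattern proposed above.

```php
<?php
// Added illustration; both function names are hypothetical, not Symfony's API.

// Lossy approach (assumed): decode the query into an array, drop "collection",
// and rebuild. parse_str() keeps only the last value of a repeated key, so
// repeated readPreferenceTags options collapse into one.
function skimViaParseStr(string $uri): array
{
    $parts = parse_url($uri);
    parse_str($parts['query'] ?? '', $query);
    $collection = $query['collection'] ?? null;
    unset($query['collection']);

    $rebuilt = $parts['scheme'].'://'.$parts['host'].($parts['path'] ?? '');
    if ($query) {
        $rebuilt .= '?'.http_build_query($query, '', '&');
    }

    return [$rebuilt, $collection];
}

// Approach proposed in the issue: capture the option with a regular expression
// and strip only that span, leaving every other byte of the URI untouched.
function skimViaRegex(string $uri): array
{
    // The lookbehind is an addition here so that a key that merely ends in
    // "collection" is not matched.
    if (!preg_match('/(?<=[?&])collection=([^&]*)&?/i', $uri, $m, PREG_OFFSET_CAPTURE)) {
        return [$uri, null];
    }
    $stripped = substr_replace($uri, '', $m[0][1], strlen($m[0][0]));

    // Drop a separator left dangling when collection was the last or only option.
    return [rtrim($stripped, '?&'), $m[1][0]];
}

// Constructed sample: the connection string from the report plus a collection option.
$uri = 'mongodb://rs.example.com/?readPreference=secondaryPreferred'
    .'&readPreferenceTags=dc:foo&readPreferenceTags=dc:bar&collection=locks';

foreach (['skimViaParseStr', 'skimViaRegex'] as $fn) {
    [$skimmed, $collection] = $fn($uri);
    $kept = substr_count($skimmed, 'readPreferenceTags=');
    printf("%s: collection=%s, readPreferenceTags kept=%d\n  %s\n", $fn, $collection, $kept, $skimmed);
}
```

A regression test for the store can assert that every readPreferenceTags occurrence in the input is still present, in order, in the URI handed to the MongoDB client.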