Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ExpressionLanguage] Remove misleading warning #19960

Merged
merged 1 commit into from
Jun 26, 2024
Merged

[ExpressionLanguage] Remove misleading warning #19960

merged 1 commit into from
Jun 26, 2024

Conversation

valepu
Copy link
Contributor

@valepu valepu commented Jun 13, 2024

Fixes #17978

The warning I am removing was created after #8259 but the issue used an incorrect regex to show a potential problem which doesn't exist.

In my issue I show that it's not actually possible to inject control characters. I would still suggest for someone more involved in symfony development to investigate further, if the expression language is used in the security component this would need more than just a warning

@javiereguiluz
Copy link
Member

I read again the issue #17978 and I think this proposal is correct.

But, let me ping smart folks like @nicolas-grekas @chalasr and @stof so they can double check this. Thanks!

@javiereguiluz javiereguiluz added the Waiting team decision Request for comments from Symfony Docs Team members label Jun 25, 2024
nicolas-grekas
nicolas-grekas approved these changes Jun 25, 2024
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for branch 5.4 then?

@OskarStark OskarStark removed the Waiting team decision Request for comments from Symfony Docs Team members label Jun 25, 2024
@javiereguiluz javiereguiluz added this to the 5.4 milestone Jun 26, 2024
@valepu @javiereguiluz
Remove misleading warning
e9d242d 
Fixes symfony#17978 

The warning I am removing was created after symfony#8259 but the issue used an incorrect regex to show a potential problem which doesn't exist.

In my issue I show that it's not actually possible to inject control characters. I would still suggest for someone more involved in symfony development to investigate further, if the expression language is used in the security component this would need more than just a warning
@javiereguiluz javiereguiluz changed the base branch from 7.1 to 5.4 June 26, 2024 07:42
@javiereguiluz
Copy link
Member

Merged! (in 5.4 and up) Thanks @valepu and congrats on your first Symfony Docs contribution 🎉

@javiereguiluz javiereguiluz merged commit 506830a into symfony:5.4 Jun 26, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@xabbuh xabbuh Awaiting requested review from xabbuh

@OskarStark OskarStark Awaiting requested review from OskarStark

Assignees
No one assigned
Labels
ExpressionLanguage Status: Needs Review
Projects
None yet
Milestone
5.4
Development

Successfully merging this pull request may close these issues.

Misleading Warning in ExpressionLanguage Documentation
5 participants
@valepu @javiereguiluz @nicolas-grekas @OskarStark @carsonbot