deprecate parsing octal numbers with invalid formats

symfony · May 4, 2020 · 671f0ca · 671f0ca
1 parent e9be741
commit 671f0ca
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 1 deletion.
diff --git a/UPGRADE-5.1.md b/UPGRADE-5.1.md
@@ -164,4 +164,5 @@ Security
 Yaml
 ----
 
+ * Deprecated support for parsing invalid octal numbers.
  * Deprecated using the `!php/object` and `!php/const` tags without a value.
diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
@@ -111,4 +111,5 @@ Security
 Yaml
 ----
 
+ * Removed support for parsing invalid octal numbers.
  * Removed support for using the `!php/object` and `!php/const` tags without a value.
diff --git a/src/Symfony/Component/Yaml/CHANGELOG.md b/src/Symfony/Component/Yaml/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 5.1.0
 -----
 
+ * Deprecated support for parsing invalid octal numbers.
  * Added `yaml-lint` binary.
  * Deprecated using the `!php/object` and `!php/const` tags without a value.
 

diff --git a/src/Symfony/Component/Yaml/Inline.php b/src/Symfony/Component/Yaml/Inline.php
@@ -644,12 +644,20 @@ private static function evaluateScalar(string $scalar, int $flags, array $refere
                         $raw = $scalar;
                         $cast = (int) $scalar;
 
+                        if ('0' === $scalar[0] && !Parser::preg_match('/^[0-7]*$/', $scalar)) {
+                            @trigger_error(sprintf('Support for parsing the invalid octal number %s is deprecated since Symfony 5.1.', $scalar), E_USER_DEPRECATED);
+                        }
+
                         return '0' == $scalar[0] ? octdec($scalar) : (((string) $raw == (string) $cast) ? $cast : $raw);
                     case '-' === $scalar[0] && ctype_digit(substr($scalar, 1)):
                         $raw = $scalar;
                         $cast = (int) $scalar;
 
-                        return '0' == $scalar[1] ? -octdec(substr($scalar, 1)) : (($raw === (string) $cast) ? $cast : $raw);
+                        if ('0' === $scalar[1] && !Parser::preg_match('/^[0-7]*$/', $octal = substr($scalar, 1))) {
+                            @trigger_error(sprintf('Support for parsing the invalid octal number %s is deprecated since Symfony 5.1.', $scalar), E_USER_DEPRECATED);
+                        }
+
+                        return '0' == $scalar[1] ? -octdec($octal) : (($raw === (string) $cast) ? $cast : $raw);
                     case is_numeric($scalar):
                     case Parser::preg_match(self::getHexRegex(), $scalar):
                         $scalar = str_replace('_', '', $scalar);

diff --git a/src/Symfony/Component/Yaml/Tests/InlineTest.php b/src/Symfony/Component/Yaml/Tests/InlineTest.php
@@ -856,4 +856,22 @@ public function quotedExclamationMarkProvider()
             [['!'], '! ["!"]'],
         ];
     }
+
+    /**
+     * @group legacy
+     * @expectedDeprecation Support for parsing the invalid octal number 0123456789 is deprecated since Symfony 5.1.
+     */
+    public function testParseInvalidPositiveOctalNumber()
+    {
+        self::assertSame(342391, Inline::parse('0123456789'));
+    }
+
+    /**
+     * @group legacy
+     * @expectedDeprecation Support for parsing the invalid octal number -0123456789 is deprecated since Symfony 5.1.
+     */
+    public function testParseInvalidNegativeOctalNumber()
+    {
+        self::assertSame(-342391, Inline::parse('-0123456789'));
+    }
 }