Merge branch '7.1' into 7.2

* 7.1: (34 commits) improve amqp connection issues [Serializer] [ObjectNormalizer] Filter int when using FILTER_BOOL Fix #53778 [PropertyInfo] Add missing test fix tests [Security][Validators] Review translations. [validator] Updated Dutch translation [FrameworkBundle] Fix wiring ConsoleProfilerListener [HttpKernel] Fix link to php doc [Validator] Update sr_Cyrl 120:This value is not a valid slug. [Validator] Update sr_Latn 120:This value is not a valid slug. 6.4 Missing translations for Italian (it) #59419 tests(notifier): avoid failing SNS test with local AWS configuration Fix typo ratio comment chore: PropertyAccess - fix typo in DocBlock [Validator] Missing translations for Brazilian Portuguese (pt_BR) fix(dependency-injection): reset env vars with kernel.reset [Translation][Validator] Review Russian translation (114 - 120) Review validator-related persian translation with id 120 [Scheduler] Clarify description of exclusion time ...
symfony · Jan 17, 2025 · ee1b504 · ee1b504
2 parents 62d1a43 + 7ced01a
commit ee1b504
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 0 deletions.
diff --git a/IpUtils.php b/IpUtils.php
@@ -196,6 +196,16 @@ public static function anonymize(string $ip/* , int $v4Bytes = 1, int $v6Bytes =
             throw new \InvalidArgumentException('Cannot anonymize more than 4 bytes for IPv4 and 16 bytes for IPv6.');
         }
 
+        /**
+         * If the IP contains a % symbol, then it is a local-link address with scoping according to RFC 4007
+         * In that case, we only care about the part before the % symbol, as the following functions, can only work with
+         * the IP address itself. As the scope can leak information (containing interface name), we do not want to
+         * include it in our anonymized IP data.
+         */
+        if (str_contains($ip, '%')) {
+            $ip = substr($ip, 0, strpos($ip, '%'));
+        }
+
         $wrappedIPv6 = false;
         if (str_starts_with($ip, '[') && str_ends_with($ip, ']')) {
             $wrappedIPv6 = true;

diff --git a/RequestStack.php b/RequestStack.php
@@ -114,4 +114,11 @@ public function getSession(): SessionInterface
 
         throw new SessionNotFoundException();
     }
+
+    public function resetRequestFormats(): void
+    {
+        static $resetRequestFormats;
+        $resetRequestFormats ??= \Closure::bind(static fn () => self::$formats = null, null, Request::class);
+        $resetRequestFormats();
+    }
 }
diff --git a/Tests/IpUtilsTest.php b/Tests/IpUtilsTest.php
@@ -147,6 +147,7 @@ public static function anonymizedIpData()
             ['[2a01:198::3]', '[2a01:198::]'],
             ['::ffff:123.234.235.236', '::ffff:123.234.235.0'], // IPv4-mapped IPv6 addresses
             ['::123.234.235.236', '::123.234.235.0'], // deprecated IPv4-compatible IPv6 address
+            ['fe80::1fc4:15d8:78db:2319%enp4s0', 'fe80::'], // IPv6 link-local with RFC4007 scoping
         ];
     }
 

diff --git a/Tests/RequestStackTest.php b/Tests/RequestStackTest.php
@@ -74,4 +74,18 @@ public function testGetParentRequest()
         $requestStack->push($secondSubRequest);
         $this->assertSame($firstSubRequest, $requestStack->getParentRequest());
     }
+
+    public function testResetRequestFormats()
+    {
+        $requestStack = new RequestStack();
+
+        $request = Request::create('/foo');
+        $request->setFormat('foo', ['application/foo']);
+
+        $this->assertSame(['application/foo'], $request->getMimeTypes('foo'));
+
+        $requestStack->resetRequestFormats();
+
+        $this->assertSame([], $request->getMimeTypes('foo'));
+    }
 }