[SECURITY][TASK] Remove support for native PHP yaml extension

Resolves: #85424 Releases: master, 8.7 Security-Commit: 82619eb231e725d77fb8196f0b6bfca9f722bc4f Security-Bulletin: TYPO3-CORE-SA-2018-004 Change-Id: Ic104c79ebfc1daff0b05b0f5531345b5bf7ce74b Reviewed-on: https://review.typo3.org/57563 Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>

[SECURITY][TASK] Remove support for native PHP yaml extension
Resolves: #85424 Releases: master, 8.7 Security-Commit: 82619eb231e725d77fb8196f0b6bfca9f722bc4f Security-Bulletin: TYPO3-CORE-SA-2018-004 Change-Id: Ic104c79ebfc1daff0b05b0f5531345b5bf7ce74b Reviewed-on: https://review.typo3.org/57563 Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>
a6ce4ab0 · Oliver Hader · Oliver Hader · 8203657f · a6ce4ab0 · a6ce4ab0
Commit a6ce4ab0 authored 6 years ago by Oliver Hader Committed by Oliver Hader 6 years ago
--- a/typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php
+++ b/typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php
@@ -37,31 +37,11 @@ use TYPO3\CMS\Form\Slot\FilePersistenceSlot;
 */
 class YamlSource
 {
-    /**
-     * Will be set if the PHP YAML Extension is installed.
-     * Having this installed massively improves YAML parsing performance.
-     *
-     * @var bool
-     * @see http://pecl.php.net/package/yaml
-     */
-    protected $usePhpYamlExtension = false;
-
    /**
     * @var FilePersistenceSlot
     */
    protected $filePersistenceSlot;

-    /**
-     * Use PHP YAML Extension if installed.
-     * @internal
-     */
-    public function __construct()
-    {
-        if (extension_loaded('yaml')) {
-            $this->usePhpYamlExtension = true;
-        }
-    }
-
    /**
     * @param FilePersistenceSlot $filePersistenceSlot
     */
@@ -107,17 +87,7 @@ class YamlSource
            }

            try {
-                if ($this->usePhpYamlExtension) {
-                    $loadedConfiguration = @yaml_parse($rawYamlContent);
-                    if ($loadedConfiguration === false) {
-                        throw new ParseErrorException(
-                            'A parse error occurred while parsing file "' . $fileIdentifier . '".',
-                            1391894094
-                        );
-                    }
-                } else {
-                    $loadedConfiguration = Yaml::parse($rawYamlContent);
-                }
+                $loadedConfiguration = Yaml::parse($rawYamlContent);

                if (is_array($loadedConfiguration)) {
                    $configuration = array_replace_recursive($configuration, $loadedConfiguration);

--- a/typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php
+++ b/typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php
@@ -49,32 +49,8 @@ class YamlSourceTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
     */
    public function loadThrowsExceptionIfFileToLoadIsNotValidYamlUseSymfonyParser()
    {
-        if (!extension_loaded('yaml')) {
-            $this->expectException(ParseErrorException::class);
-            $this->expectExceptionCode(1480195405);
-
-            $mockYamlSource = $this->getAccessibleMock(YamlSource::class, [
-                'dummy',
-            ], [], '', false);
-
-            $input = [
-                'EXT:form/Tests/Unit/Mvc/Configuration/Fixtures/Invalid.yaml'
-            ];
-
-            $mockYamlSource->_call('load', $input);
-        }
-    }
-
-    /**
-     * @test
-     */
-    public function loadThrowsExceptionIfFileToLoadIsNotValidYamlUsePhpExtensionParser()
-    {
-        if (!extension_loaded('yaml')) {
-            $this->markTestSkipped('Yaml PHP extension not available, skipping.');
-        }
        $this->expectException(ParseErrorException::class);
-        $this->expectExceptionCode(1391894094);
+        $this->expectExceptionCode(1480195405);

        $mockYamlSource = $this->getAccessibleMock(YamlSource::class, [
            'dummy',