From a6ce4ab05c802419de72d35059293b8ea4df639d Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Thu, 12 Jul 2018 11:36:39 +0200
Subject: [PATCH] [SECURITY][TASK] Remove support for native PHP yaml extension
Resolves: #85424
Releases: master, 8.7
Security-Commit: 82619eb231e725d77fb8196f0b6bfca9f722bc4f
Security-Bulletin: TYPO3-CORE-SA-2018-004
Change-Id: Ic104c79ebfc1daff0b05b0f5531345b5bf7ce74b
Reviewed-on: https://review.typo3.org/57563
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
---
.../Classes/Mvc/Configuration/YamlSource.php | 32 +------------------
.../Unit/Mvc/Configuration/YamlSourceTest.php | 26 +--------------
2 files changed, 2 insertions(+), 56 deletions(-)
diff --git a/typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php b/typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php
index 9105fcfc1618..a7a4adc6f873 100644
--- a/typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php
+++ b/typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php
@@ -37,31 +37,11 @@ use TYPO3\CMS\Form\Slot\FilePersistenceSlot;
*/
class YamlSource
{
- /**
- * Will be set if the PHP YAML Extension is installed.
- * Having this installed massively improves YAML parsing performance.
- *
- * @var bool
- * @see http://pecl.php.net/package/yaml
- */
- protected $usePhpYamlExtension = false;
-
/**
* @var FilePersistenceSlot
*/
protected $filePersistenceSlot;
- /**
- * Use PHP YAML Extension if installed.
- * @internal
- */
- public function __construct()
- {
- if (extension_loaded('yaml')) {
- $this->usePhpYamlExtension = true;
- }
- }
-
/**
* @param FilePersistenceSlot $filePersistenceSlot
*/
@@ -107,17 +87,7 @@ class YamlSource
}
try {
- if ($this->usePhpYamlExtension) {
- $loadedConfiguration = @yaml_parse($rawYamlContent);
- if ($loadedConfiguration === false) {
- throw new ParseErrorException(
- 'A parse error occurred while parsing file "' . $fileIdentifier . '".',
- 1391894094
- );
- }
- } else {
- $loadedConfiguration = Yaml::parse($rawYamlContent);
- }
+ $loadedConfiguration = Yaml::parse($rawYamlContent);
if (is_array($loadedConfiguration)) {
$configuration = array_replace_recursive($configuration, $loadedConfiguration);
diff --git a/typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php b/typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php
index 695c3b644b2e..6f2b0f9dc7b8 100644
--- a/typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php
+++ b/typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php
@@ -49,32 +49,8 @@ class YamlSourceTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
*/
public function loadThrowsExceptionIfFileToLoadIsNotValidYamlUseSymfonyParser()
{
- if (!extension_loaded('yaml')) {
- $this->expectException(ParseErrorException::class);
- $this->expectExceptionCode(1480195405);
-
- $mockYamlSource = $this->getAccessibleMock(YamlSource::class, [
- 'dummy',
- ], [], '', false);
-
- $input = [
- 'EXT:form/Tests/Unit/Mvc/Configuration/Fixtures/Invalid.yaml'
- ];
-
- $mockYamlSource->_call('load', $input);
- }
- }
-
- /**
- * @test
- */
- public function loadThrowsExceptionIfFileToLoadIsNotValidYamlUsePhpExtensionParser()
- {
- if (!extension_loaded('yaml')) {
- $this->markTestSkipped('Yaml PHP extension not available, skipping.');
- }
$this->expectException(ParseErrorException::class);
- $this->expectExceptionCode(1391894094);
+ $this->expectExceptionCode(1480195405);
$mockYamlSource = $this->getAccessibleMock(YamlSource::class, [
'dummy',
--
GitLab