Merge branch '7.1' into 7.2

* 7.1: fix: ignore missing directory in isVendor() [OptionsResolver] Allow Union/Intersection Types in Resolved Closures Issue #58821: [DependencyInjection] Support interfaces in ContainerBuilder::getReflectionClass(). Dynamically fix compatibility with doctrine/data-fixtures v2 [HttpKernel] Ensure HttpCache::getTraceKey() does not throw exception don't call EntityManager::initializeObject() with scalar values make RelayProxyTrait compatible with relay extension 0.9.0 [Validator] review italian translations Update PR template
symfony · Nov 20, 2024 · 8672d96 · 8672d96
2 parents cd23537 + c90d12b
commit 8672d96
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/HttpCache/HttpCache.php b/HttpCache/HttpCache.php
@@ -17,6 +17,7 @@
 
 namespace Symfony\Component\HttpKernel\HttpCache;
 
+use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -704,7 +705,11 @@ private function getTraceKey(Request $request): string
             $path .= '?'.$qs;
         }
 
-        return $request->getMethod().' '.$path;
+        try {
+            return $request->getMethod().' '.$path;
+        } catch (SuspiciousOperationException) {
+            return '_BAD_METHOD_ '.$path;
+        }
     }
 
     /**

diff --git a/Tests/HttpCache/HttpCacheTest.php b/Tests/HttpCache/HttpCacheTest.php
@@ -108,6 +108,17 @@ public function testPassesOnNonGetHeadRequests()
         $this->assertFalse($this->response->headers->has('Age'));
     }
 
+    public function testPassesSuspiciousMethodRequests()
+    {
+        $this->setNextResponse(200);
+        $this->request('POST', '/', ['HTTP_X-HTTP-Method-Override' => '__CONSTRUCT']);
+        $this->assertHttpKernelIsCalled();
+        $this->assertResponseOk();
+        $this->assertTraceNotContains('stale');
+        $this->assertTraceNotContains('invalid');
+        $this->assertFalse($this->response->headers->has('Age'));
+    }
+
     public function testInvalidatesOnPostPutDeleteRequests()
     {
         foreach (['post', 'put', 'delete'] as $method) {