[SECURITY][TASK] Remove support for native PHP yaml extension 63/57563/2
authorOliver Hader <oliver@typo3.org>
Thu, 12 Jul 2018 09:36:39 +0000 (11:36 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 12 Jul 2018 09:36:48 +0000 (11:36 +0200)
Resolves: #85424
Releases: master, 8.7
Security-Commit: 82619eb231e725d77fb8196f0b6bfca9f722bc4f
Security-Bulletin: TYPO3-CORE-SA-2018-004
Change-Id: Ic104c79ebfc1daff0b05b0f5531345b5bf7ce74b
Reviewed-on: https://review.typo3.org/57563
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/form/Classes/Mvc/Configuration/YamlSource.php
typo3/sysext/form/Tests/Unit/Mvc/Configuration/YamlSourceTest.php

index 9105fcf..a7a4adc 100644 (file)
@@ -38,31 +38,11 @@ use TYPO3\CMS\Form\Slot\FilePersistenceSlot;
 class YamlSource
 {
     /**
-     * Will be set if the PHP YAML Extension is installed.
-     * Having this installed massively improves YAML parsing performance.
-     *
-     * @var bool
-     * @see http://pecl.php.net/package/yaml
-     */
-    protected $usePhpYamlExtension = false;
-
-    /**
      * @var FilePersistenceSlot
      */
     protected $filePersistenceSlot;
 
     /**
-     * Use PHP YAML Extension if installed.
-     * @internal
-     */
-    public function __construct()
-    {
-        if (extension_loaded('yaml')) {
-            $this->usePhpYamlExtension = true;
-        }
-    }
-
-    /**
      * @param FilePersistenceSlot $filePersistenceSlot
      */
     public function injectFilePersistenceSlot(FilePersistenceSlot $filePersistenceSlot)
@@ -107,17 +87,7 @@ class YamlSource
             }
 
             try {
-                if ($this->usePhpYamlExtension) {
-                    $loadedConfiguration = @yaml_parse($rawYamlContent);
-                    if ($loadedConfiguration === false) {
-                        throw new ParseErrorException(
-                            'A parse error occurred while parsing file "' . $fileIdentifier . '".',
-                            1391894094
-                        );
-                    }
-                } else {
-                    $loadedConfiguration = Yaml::parse($rawYamlContent);
-                }
+                $loadedConfiguration = Yaml::parse($rawYamlContent);
 
                 if (is_array($loadedConfiguration)) {
                     $configuration = array_replace_recursive($configuration, $loadedConfiguration);
index 695c3b6..6f2b0f9 100644 (file)
@@ -49,32 +49,8 @@ class YamlSourceTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
      */
     public function loadThrowsExceptionIfFileToLoadIsNotValidYamlUseSymfonyParser()
     {
-        if (!extension_loaded('yaml')) {
-            $this->expectException(ParseErrorException::class);
-            $this->expectExceptionCode(1480195405);
-
-            $mockYamlSource = $this->getAccessibleMock(YamlSource::class, [
-                'dummy',
-            ], [], '', false);
-
-            $input = [
-                'EXT:form/Tests/Unit/Mvc/Configuration/Fixtures/Invalid.yaml'
-            ];
-
-            $mockYamlSource->_call('load', $input);
-        }
-    }
-
-    /**
-     * @test
-     */
-    public function loadThrowsExceptionIfFileToLoadIsNotValidYamlUsePhpExtensionParser()
-    {
-        if (!extension_loaded('yaml')) {
-            $this->markTestSkipped('Yaml PHP extension not available, skipping.');
-        }
         $this->expectException(ParseErrorException::class);
-        $this->expectExceptionCode(1391894094);
+        $this->expectExceptionCode(1480195405);
 
         $mockYamlSource = $this->getAccessibleMock(YamlSource::class, [
             'dummy',