Merge branch '7.4' into 8.0

nicolas-grekas · nicolas-grekas · commit f4876003bc15 · 2025-09-08T09:00:56.000+02:00
* 7.4:
  [SecurityBundle] Fix tests on Windows
  use the empty string instead of null as an array offset
  pass the empty string instead of null as key to array_key_exists()
  fix test setup
  [Validator] Review Turkish translations
  [Validator] Review Croatian translations
  [Console] Add #[Input] attribute to support DTOs in commands
  [Security][SecurityBundle] Dump role hierarchy as mermaid chart
  [DependencyInjection] Allow `Class::function(...)` and `global_function(...)` closures in PHP DSL for factories
  [VarExporter] Add support for exporting named closures
  [Validator] Review translations for Polish (pl)
  use the empty string instead of null as an array offset
  Review translations for Chinese (zh_TW)
  [Serializer] Adjust ObjectNormalizerTest for the accessor method changes from #61097
  fix merge
  [Security] Fix `HttpUtils::createRequest()` when the base request is forwarded
  map legacy options to the "sentinel" key when parsing DSNs
  fix setup to actually run Redis Sentinel/Cluster integration tests
  [Routing] Don't rebuild cache when controller action body changes
diff --git a/HttpUtils.php b/HttpUtils.php
@@ -65,7 +65,13 @@ public function createRedirectResponse(Request $request, string $path, int $stat
      */
     public function createRequest(Request $request, string $path): Request
     {
+        if ($trustedProxies = Request::getTrustedProxies()) {
+            Request::setTrustedProxies([], Request::getTrustedHeaderSet());
+        }
         $newRequest = Request::create($this->generateUri($request, $path), 'get', [], $request->cookies->all(), [], $request->server->all());
+        if ($trustedProxies) {
+            Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
+        }
 
         static $setSession;
 
diff --git a/Logout/LogoutUrlGenerator.php b/Logout/LogoutUrlGenerator.php
@@ -138,8 +138,8 @@ private function getListener(?string $key): array
         }
 
         // Fetch from injected current firewall information, if possible
-        if (isset($this->listeners[$this->currentFirewallName])) {
-            return $this->listeners[$this->currentFirewallName];
+        if (isset($this->listeners[$this->currentFirewallName ?? ''])) {
+            return $this->listeners[$this->currentFirewallName ?? ''];
         }
 
         foreach ($this->listeners as $listener) {
diff --git a/Tests/HttpUtilsTest.php b/Tests/HttpUtilsTest.php
@@ -228,6 +228,16 @@ public static function provideSecurityRequestAttributes()
         ];
     }
 
+    public function testCreateRequestHandlesTrustedHeaders()
+    {
+        Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_PREFIX);
+
+        $this->assertSame(
+            'http://localhost/foo/',
+            (new HttpUtils())->createRequest(Request::create('/', server: ['HTTP_X_FORWARDED_PREFIX' => '/foo']), '/')->getUri(),
+        );
+    }
+
     public function testCheckRequestPath()
     {
         $utils = new HttpUtils($this->getUrlGenerator());

Original file line number	Diff line number	Diff line change
`@@ -138,8 +138,8 @@ private function getListener(?string $key): array`
`138`	`138`	`}`
`139`	`139`
`140`	`140`	`// Fetch from injected current firewall information, if possible`
`141`		`- if (isset($this->listeners[$this->currentFirewallName])) {`
`142`		`- return $this->listeners[$this->currentFirewallName];`
	`141`	`+ if (isset($this->listeners[$this->currentFirewallName ?? ''])) {`
	`142`	`+ return $this->listeners[$this->currentFirewallName ?? ''];`
`143`	`143`	`}`
`144`	`144`
`145`	`145`	`foreach ($this->listeners as $listener) {`