Merge branch '6.1' into 6.2

nicolas-grekas · nicolas-grekas · commit b6878e083f9b · 2022-09-08T11:35:13.000+02:00
* 6.1:
  [HttpClient] Fix computing retry delay when using RetryableHttpClient
  [Uid] Fix validating UUID variant bits
  [Validator][UID] Stop to first ULID format violation
  [Bridge] Fix mkdir() race condition in ProxyCacheWarmer
  [Cache] update readme
  Bug #42343 [Security] Fix valid remember-me token exposure to the second consequent request
  Prevent exception if request stack is empty
  Psr18Client ignore invalid HTTP headers
  skip a transient test on AppVeyor
diff --git a/Tests/UuidTest.php b/Tests/UuidTest.php
@@ -44,6 +44,32 @@ public function provideInvalidUuids(): iterable
         yield ['these are just thirty-six characters'];
     }
 
+    /**
+     * @dataProvider provideInvalidVariant
+     */
+    public function testInvalidVariant(string $uuid)
+    {
+        $uuid = new Uuid($uuid);
+        $this->assertFalse(Uuid::isValid($uuid));
+
+        $uuid = (string) $uuid;
+        $class = Uuid::class.'V'.$uuid[14];
+
+        $this->expectException(\InvalidArgumentException::class);
+        $this->expectExceptionMessage('Invalid UUIDv'.$uuid[14].': "'.$uuid.'".');
+
+        new $class($uuid);
+    }
+
+    public function provideInvalidVariant(): iterable
+    {
+        yield ['8dac64d3-937a-1e7c-fa1d-d5d6c06a61f5'];
+        yield ['8dac64d3-937a-3e7c-fa1d-d5d6c06a61f5'];
+        yield ['8dac64d3-937a-4e7c-fa1d-d5d6c06a61f5'];
+        yield ['8dac64d3-937a-5e7c-fa1d-d5d6c06a61f5'];
+        yield ['8dac64d3-937a-6e7c-fa1d-d5d6c06a61f5'];
+    }
+
     public function testConstructorWithValidUuid()
     {
         $uuid = new UuidV4(self::A_UUID_V4);
diff --git a/Ulid.php b/Ulid.php
@@ -61,8 +61,8 @@ public static function isValid(string $ulid): bool
 
     public static function fromString(string $ulid): static
     {
-        if (36 === \strlen($ulid) && Uuid::isValid($ulid)) {
-            $ulid = (new Uuid($ulid))->toBinary();
+        if (36 === \strlen($ulid) && preg_match('{^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$}Di', $ulid)) {
+            $ulid = uuid_parse($ulid);
         } elseif (22 === \strlen($ulid) && 22 === strspn($ulid, BinaryUtil::BASE58[''])) {
             $ulid = str_pad(BinaryUtil::fromBase($ulid, BinaryUtil::BASE58), 16, "\0", \STR_PAD_LEFT);
         }
diff --git a/Uuid.php b/Uuid.php
@@ -26,7 +26,7 @@ class Uuid extends AbstractUid
     protected const TYPE = 0;
     protected const NIL = '00000000-0000-0000-0000-000000000000';
 
-    public function __construct(string $uuid)
+    public function __construct(string $uuid, bool $checkVariant = false)
     {
         $type = preg_match('{^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$}Di', $uuid) ? (int) $uuid[14] : false;
 
@@ -35,6 +35,10 @@ public function __construct(string $uuid)
         }
 
         $this->uid = strtolower($uuid);
+
+        if ($checkVariant && !\in_array($this->uid[19], ['8', '9', 'a', 'b'], true)) {
+            throw new \InvalidArgumentException(sprintf('Invalid UUID%s: "%s".', static::TYPE ? 'v'.static::TYPE : '', $uuid));
+        }
     }
 
     public static function fromString(string $uuid): static
@@ -64,6 +68,10 @@ public static function fromString(string $uuid): static
             return new NilUuid();
         }
 
+        if (!\in_array($uuid[19], ['8', '9', 'a', 'b', 'A', 'B'], true)) {
+            return new self($uuid);
+        }
+
         return match ((int) $uuid[14]) {
             UuidV1::TYPE => new UuidV1($uuid),
             UuidV3::TYPE => new UuidV3($uuid),
@@ -107,7 +115,7 @@ final public static function v6(): UuidV6
 
     public static function isValid(string $uuid): bool
     {
-        if (!preg_match('{^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$}Di', $uuid)) {
+        if (!preg_match('{^[0-9a-f]{8}(?:-[0-9a-f]{4}){2}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$}Di', $uuid)) {
             return false;
         }
 
diff --git a/UuidV1.php b/UuidV1.php
@@ -27,7 +27,7 @@ public function __construct(string $uuid = null)
         if (null === $uuid) {
             $this->uid = uuid_create(static::TYPE);
         } else {
-            parent::__construct($uuid);
+            parent::__construct($uuid, true);
         }
     }
 
diff --git a/UuidV3.php b/UuidV3.php
@@ -21,4 +21,9 @@
 class UuidV3 extends Uuid
 {
     protected const TYPE = 3;
+
+    public function __construct(string $uuid)
+    {
+        parent::__construct($uuid, true);
+    }
 }
diff --git a/UuidV4.php b/UuidV4.php
@@ -30,7 +30,7 @@ public function __construct(string $uuid = null)
 
             $this->uid = substr($uuid, 0, 8).'-'.substr($uuid, 8, 4).'-'.substr($uuid, 12, 4).'-'.substr($uuid, 16, 4).'-'.substr($uuid, 20, 12);
         } else {
-            parent::__construct($uuid);
+            parent::__construct($uuid, true);
         }
     }
 }
diff --git a/UuidV5.php b/UuidV5.php
@@ -21,4 +21,9 @@
 class UuidV5 extends Uuid
 {
     protected const TYPE = 5;
+
+    public function __construct(string $uuid)
+    {
+        parent::__construct($uuid, true);
+    }
 }
diff --git a/UuidV6.php b/UuidV6.php
@@ -29,7 +29,7 @@ public function __construct(string $uuid = null)
         if (null === $uuid) {
             $this->uid = static::generate();
         } else {
-            parent::__construct($uuid);
+            parent::__construct($uuid, true);
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -61,8 +61,8 @@ public static function isValid(string $ulid): bool`
`61`	`61`
`62`	`62`	`public static function fromString(string $ulid): static`
`63`	`63`	`{`
`64`		`- if (36 === \strlen($ulid) && Uuid::isValid($ulid)) {`
`65`		`- $ulid = (new Uuid($ulid))->toBinary();`
	`64`	`+ if (36 === \strlen($ulid) && preg_match('{^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$}Di', $ulid)) {`
	`65`	`+ $ulid = uuid_parse($ulid);`
`66`	`66`	`} elseif (22 === \strlen($ulid) && 22 === strspn($ulid, BinaryUtil::BASE58[''])) {`
`67`	`67`	`$ulid = str_pad(BinaryUtil::fromBase($ulid, BinaryUtil::BASE58), 16, "\0", \STR_PAD_LEFT);`
`68`	`68`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ class Uuid extends AbstractUid`
`26`	`26`	`protected const TYPE = 0;`
`27`	`27`	`protected const NIL = '00000000-0000-0000-0000-000000000000';`
`28`	`28`
`29`		`- public function __construct(string $uuid)`
	`29`	`+ public function __construct(string $uuid, bool $checkVariant = false)`
`30`	`30`	`{`
`31`	`31`	`$type = preg_match('{^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$}Di', $uuid) ? (int) $uuid[14] : false;`
`32`	`32`
`@@ -35,6 +35,10 @@ public function __construct(string $uuid)`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`$this->uid = strtolower($uuid);`
	`38`	`+`
	`39`	`+ if ($checkVariant && !\in_array($this->uid[19], ['8', '9', 'a', 'b'], true)) {`
	`40`	`+ throw new \InvalidArgumentException(sprintf('Invalid UUID%s: "%s".', static::TYPE ? 'v'.static::TYPE : '', $uuid));`
	`41`	`+ }`
`38`	`42`	`}`
`39`	`43`
`40`	`44`	`public static function fromString(string $uuid): static`
`@@ -64,6 +68,10 @@ public static function fromString(string $uuid): static`
`64`	`68`	`return new NilUuid();`
`65`	`69`	`}`
`66`	`70`
	`71`	`+ if (!\in_array($uuid[19], ['8', '9', 'a', 'b', 'A', 'B'], true)) {`
	`72`	`+ return new self($uuid);`
	`73`	`+ }`
	`74`	`+`
`67`	`75`	`return match ((int) $uuid[14]) {`
`68`	`76`	`UuidV1::TYPE => new UuidV1($uuid),`
`69`	`77`	`UuidV3::TYPE => new UuidV3($uuid),`
`@@ -107,7 +115,7 @@ final public static function v6(): UuidV6`
`107`	`115`
`108`	`116`	`public static function isValid(string $uuid): bool`
`109`	`117`	`{`
`110`		`- if (!preg_match('{^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$}Di', $uuid)) {`
	`118`	`+ if (!preg_match('{^[0-9a-f]{8}(?:-[0-9a-f]{4}){2}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$}Di', $uuid)) {`
`111`	`119`	`return false;`
`112`	`120`	`}`
`113`	`121`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ public function __construct(string $uuid = null)`
`27`	`27`	`if (null === $uuid) {`
`28`	`28`	`$this->uid = uuid_create(static::TYPE);`
`29`	`29`	`} else {`
`30`		`- parent::__construct($uuid);`
	`30`	`+ parent::__construct($uuid, true);`
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
Original file line number	Diff line number	Diff line change
`@@ -21,4 +21,9 @@`
`21`	`21`	`class UuidV3 extends Uuid`
`22`	`22`	`{`
`23`	`23`	`protected const TYPE = 3;`
	`24`	`+`
	`25`	`+ public function __construct(string $uuid)`
	`26`	`+ {`
	`27`	`+ parent::__construct($uuid, true);`
	`28`	`+ }`
`24`	`29`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ public function __construct(string $uuid = null)`
`30`	`30`
`31`	`31`	`$this->uid = substr($uuid, 0, 8).'-'.substr($uuid, 8, 4).'-'.substr($uuid, 12, 4).'-'.substr($uuid, 16, 4).'-'.substr($uuid, 20, 12);`
`32`	`32`	`} else {`
`33`		`- parent::__construct($uuid);`
	`33`	`+ parent::__construct($uuid, true);`
`34`	`34`	`}`
`35`	`35`	`}`
`36`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ public function __construct(string $uuid = null)`
`29`	`29`	`if (null === $uuid) {`
`30`	`30`	`$this->uid = static::generate();`
`31`	`31`	`} else {`
`32`		`- parent::__construct($uuid);`
	`32`	`+ parent::__construct($uuid, true);`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`