Merge branch '4.3' into 4.4

* 4.3:
  [Console] Constant STDOUT might be undefined.
  Allow returning null from NormalizerInterface::normalize
  [Security\Core] throw AccessDeniedException when switch user fails
  [Mime] fix guessing mime-types of files with leading dash
  [HttpFoundation] fix guessing mime-types of files with leading dash
  [VarExporter] fix exporting some strings
  [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
  Use constant time comparison in UriSigner

Author: nicolas-grekas

Internal/Exporter.php

@@ -212,27 +212,28 @@ public static function export($value, $indent = '')
         $subIndent = $indent.'    ';
 
         if (\is_string($value)) {
-            $code = var_export($value, true);
-
-            if (false !== strpos($value, "\n") || false !== strpos($value, "\r")) {
-                $code = strtr($code, [
-                    "\r\n" => "'.\"\\r\\n\"\n".$subIndent.".'",
-                    "\r" => "'.\"\\r\"\n".$subIndent.".'",
-                    "\n" => "'.\"\\n\"\n".$subIndent.".'",
-                ]);
-            }
+            $code = sprintf("'%s'", addcslashes($value, "'\\"));
 
-            if (false !== strpos($value, "\0")) {
-                $code = str_replace('\' . "\0" . \'', '\'."\0".\'', $code);
-                $code = str_replace('".\'\'."', '', $code);
-            }
+            $code = preg_replace_callback('/([\0\r\n]++)(.)/', function ($m) use ($subIndent) {
+                $m[1] = sprintf('\'."%s".\'', str_replace(
+                    ["\0", "\r", "\n", '\n\\'],
+                    ['\0', '\r', '\n', '\n"'."\n".$subIndent.'."\\'],
+                    $m[1]
+                ));
 
-            if (false !== strpos($code, "''.")) {
-                $code = str_replace("''.", '', $code);
-            }
+                if ("'" === $m[2]) {
+                   return substr($m[1], 0, -2);
+                }
+
+                if ('n".\'' === substr($m[1], -4)) {
+                   return substr_replace($m[1], "\n".$subIndent.".'".$m[2], -2);
+                }
+
+               return $m[1].$m[2];
+            }, $code, -1, $count);
 
-            if (".''" === substr($code, -3)) {
-                $code = rtrim(substr($code, 0, -3));
+            if ($count && 0 === strpos($code, "''.")) {
+                $code = substr($code, 3);
             }
 
             return $code;

Tests/Fixtures/lf-ending-string.php

@@ -0,0 +1,4 @@
+<?php
+
+return '\'BOOM\''."\n"
+    .'.var_dump(123)//\'';

Tests/Fixtures/multiline-string.php

@@ -2,7 +2,6 @@
 
 return [
     "\0\0\r\n"
-        .'A' => 'B'."\r"
-        .'C'."\n"
+        .'A' => 'B'."\r".'C'."\n"
         ."\n",
 ];

Tests/VarExporterTest.php

@@ -112,6 +112,7 @@ public function testExport(string $testName, $value, bool $staticValueExpected =
     public function provideExport()
     {
         yield ['multiline-string', ["\0\0\r\nA" => "B\rC\n\n"], true];
+        yield ['lf-ending-string', "'BOOM'\n.var_dump(123)//'", true];
 
         yield ['bool', true, true];
         yield ['simple-array', [123, ['abc']], true];