bug #45948 [RateLimiter] Adding default empty string value on Security::LAST_USERNAME (David-Crty)

chalasr · chalasr · commit 21955458a83c · 2022-04-08T00:43:51.000+02:00
This PR was merged into the 5.4 branch. Discussion ---------- [RateLimiter] Adding default empty string value on Security::LAST_USERNAME Because `Security::LAST_USERNAME` not always exist, it can trigger a `preg_match(): Argument #2 ($subject) must be of type string` if $username is null The error is critical when having `declare(strict_types=1)`, to avoid issue when people create their own LoginRateLimiter from the DefaultLoginRateLimiter we can juste set a default empty string. | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | License | MIT Commits ------- 0fdfcae [RateLimiter] Adding default empty value
diff --git a/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php b/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php
@@ -37,7 +37,7 @@ public function __construct(RateLimiterFactory $globalFactory, RateLimiterFactor
 
     protected function getLimiters(Request $request): array
     {
-        $username = $request->attributes->get(Security::LAST_USERNAME);
+        $username = $request->attributes->get(Security::LAST_USERNAME, '');
         $username = preg_match('//u', $username) ? mb_strtolower($username, 'UTF-8') : strtolower($username);
 
         return [

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public function __construct(RateLimiterFactory $globalFactory, RateLimiterFactor`
`37`	`37`
`38`	`38`	`protected function getLimiters(Request $request): array`
`39`	`39`	`{`
`40`		`- $username = $request->attributes->get(Security::LAST_USERNAME);`
	`40`	`+ $username = $request->attributes->get(Security::LAST_USERNAME, '');`
`41`	`41`	`$username = preg_match('//u', $username) ? mb_strtolower($username, 'UTF-8') : strtolower($username);`
`42`	`42`
`43`	`43`	`return [`