8000 fix(security): ensure the 'route' index is set before attempting to u… · symfony/symfony@7ae578c · GitHub
[go: up one dir, main page]
Skip to content

Commit 7ae578c

Browse files
gsdevmefabpot
gsdevme
authored and
fabpot
committed
fix(security): ensure the 'route' index is set before attempting to use it
1 parent f4172b0 commit 7ae578c

File tree

2 files changed

+14
-1
lines changed

2 files changed

+14
-1
lines changed

src/Symfony/Component/Security/Http/HttpUtils.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@ public function checkRequestPath(Request $request, $path)
108108
$parameters = $this->urlMatcher->match($request->getPathInfo());
109109
}
110110

111-
return $path === $parameters['_route'];
111+
return isset($parameters['_route']) && $path === $parameters['_route'];
112112
} catch (MethodNotAllowedException $e) {
113113
return false;
114114
} catch (ResourceNotFoundException $e) {

src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -221,6 +221,19 @@ public function testCheckRequestPathWithUrlMatcherLoadingException()
221221
$utils->checkRequestPath($this->getRequest(), 'foobar');
222222
}
223223

224+
public function testCheckPathWithoutRouteParam()
225+
{
226+
$urlMatcher = $this->getMockBuilder('Symfony\Component\Routing\Matcher\UrlMatcherInterface')->getMock();
227+
$urlMatcher
228+
->expects($this->any())
229+
->method('match')
230+
->willReturn(array('_controller' => 'PathController'))
231+
;
232+
233+
$utils = new HttpUtils(null, $urlMatcher);
234+
$this->assertFalse($utils->checkRequestPath($this->getRequest(), 'path/index.html'));
235+
}
236+
224237
/**
225238
* @expectedException \InvalidArgumentException
226239
* @expectedExceptionMessage Matcher must either implement UrlMatcherInterface or RequestMatcherInterface

0 commit comments

Comments
 (0)
0