8000 [Security] Fix false-string handling in RememberMeAuthenticator · symfony/symfony@87c2bc2 · GitHub
[go: up one dir, main page]
Skip to content

Commit 87c2bc2

Browse files 8000
ossinkinenicolas-grekas
ossinkine
authored and
nicolas-grekas
committed
[Security] Fix false-string handling in RememberMeAuthenticator
1 parent e789e08 commit 87c2bc2

File tree

2 files changed

+4
-1
lines changed

2 files changed

+4
-1
lines changed

src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ public function supports(Request $request): ?bool
7070
return false;
7171
}
7272

73-
if (!$request->cookies->has($this->cookieName)) {
73+
if (!$request->cookies->has($this->cookieName) || !\is_scalar($request->cookies->all()[$this->cookieName] ?: null)) {
7474
return false;
7575
}
7676

src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,9 @@ public static function provideSupportsData()
6161
$request = Request::create('/', 'GET', [], ['_remember_me_cookie' => 'rememberme']);
6262
$request->attributes->set(ResponseListener::COOKIE_ATTR_NAME, new Cookie('_remember_me_cookie', null));
6363
yield [$request, false];
64+
65+
$request = Request::create('/', 'GET', [], ['_remember_me_cookie' => '0']);
66+
yield [$request, false];
6467
}
6568

6669
public function testAuthenticate()

0 commit comments

Comments
 (0)
0