[Security] Fix exception when use_referer option is true and referer is not set or empty

linniksa · fabpot · commit a29e0694de13 · 2017-09-07T07:52:52.000-07:00
diff --git a/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php b/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
@@ -118,12 +118,11 @@ protected function determineTargetUrl(Request $request)
             return $targetUrl;
         }
 
-        if ($this->options['use_referer']) {
-            $targetUrl = $request->headers->get('Referer');
+        if ($this->options['use_referer'] && $targetUrl = $request->headers->get('Referer')) {
             if (false !== $pos = strpos($targetUrl, '?')) {
                 $targetUrl = substr($targetUrl, 0, $pos);
             }
-            if ($targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
+            if ($targetUrl && $targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
                 return $targetUrl;
             }
         }
diff --git a/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
@@ -83,6 +83,16 @@ public function getRequestRedirections()
                 array(),
                 '/',
             ),
+            'target path as referer when referer not set' => array(
+                Request::create('/'),
+                array('use_referer' => true),
+                '/',
+            ),
+            'target path as referer when referer is ?' => array(
+                Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => '?')),
+                array('use_referer' => true),
+                '/',
+            ),
             'target path should be different than login URL' => array(
                 Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/login')),
                 array('use_referer' => true, 'login_path' => '/login'),
