[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass

fancyweb · fancyweb · commit de03cee8466d · 2019-12-03T19:26:40.000+01:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php
@@ -31,7 +31,7 @@ public function process(ContainerBuilder $container)
         }
 
         $sessionOptions = $container->getParameter('session.storage.options');
-        $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
+        $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
         $domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp;
 
         $container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp));

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public function process(ContainerBuilder $container)`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`$sessionOptions = $container->getParameter('session.storage.options');`
`34`		`- $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s\|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));`
	`34`	`+ $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : sprintf('(?:%%%%s\|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));`
`35`	`35`	`$domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp;`
`36`	`36`
`37`	`37`	`$container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp));`