8000 [ Security ][ Firewall ] Bug in the last version with SimpleFormAuthentication · Issue #26172 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content
[ Security ][ Firewall ] Bug in the last version with SimpleFormAuthentication #26172
New issue
New issue
Closed
Closed
[ Security ][ Firewall ] Bug in the last version with SimpleFormAuthentication#26172
Labels
BugSecurityStatus: Reviewed
@luismatesanz

Description

@luismatesanz
luismatesanz
opened on Feb 14, 2018
Q A
Bug report? yes
Feature request? no
BC Break report?
RFC?
Symfony version Since version 2.7

In the last version im detected a bug in component SimpleFormAuthentication when check if only accept method POST. If configuration security form set "post_only: false" the variable $requestBag get a Object Request and try getParameterBagValue with object wrong.

path:symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
namespace Symfony\Component\Security\Http\Firewall;
method: protected function attemptAuthentication(Request $request)
line: 102

        $requestBag = $this->options['post_only'] ? $request->request : $request;
        $username = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['username_parameter']);
        $password = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['password_parameter']);

For fix the problem i need downgrade version.

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSecurityStatus: Reviewed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0