[Security] Avoid unnecessary route lookup for empty logout path

symfony · fabpot · May 11, 2017 · Apr 29, 2017 · Apr 29, 2017 · 2967807b14dbc6af8b0e8732889b8da04e1af64b
commit 2967807b14dbc6af8b0e8732889b8da04e1af64b
diff --git a/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php b/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
@@ -135,6 +135,6 @@ public function handle(GetResponseEvent $event)
      */
     protected function requiresLogout(Request $request)
     {
-        return $this->httpUtils->checkRequestPath($request, $this->options['logout_path']);
+        return isset($this->options['logout_path']) && $this->httpUtils->checkRequestPath($request, $this->options['logout_path']);
     }
 }
diff --git a/src/Symfony/Component/Security/Http/Logout/LogoutUrlGenerator.php b/src/Symfony/Component/Security/Http/Logout/LogoutUrlGenerator.php
@@ -112,6 +112,10 @@ private function generateLogoutUrl($key, $referenceType)
 
         list($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenManager) = $this->listeners[$key];
 
+        if (null === $logoutPath) {
+            throw new \LogicException('Unable to generate the logout URL without a path.');
+        }
+
         $parameters = null !== $csrfTokenManager ? array($csrfParameter => (string) $csrfTokenManager->getToken($csrfTokenId)) : array();
 
         if ('/' === $logoutPath[0]) {