From e61553af4b4c57446dbc1f0937b995c7f6282dc7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?=
Date: Mon, 22 Mar 2021 20:26:15 +0100
Subject: [PATCH] Security hardening - Rate limiter

---
 src/Symfony/Component/RateLimiter/RateLimiterFactory.php | 2 +-
 .../Security/Http/RateLimiter/DefaultLoginRateLimiter.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Symfony/Component/RateLimiter/RateLimiterFactory.php b/src/Symfony/Component/RateLimiter/RateLimiterFactory.php
index 9fdbe474bf3ef..08b588b62cbb6 100644
--- a/src/Symfony/Component/RateLimiter/RateLimiterFactory.php
+++ b/src/Symfony/Component/RateLimiter/RateLimiterFactory.php
@@ -46,7 +46,7 @@ public function __construct(array $config, StorageInterface $storage, ?LockFacto

 public function create(?string $key = null): LimiterInterface
 {
- $id = $this->config['id'].$key;
+ $id = $this->config['id'].'-'.$key;
 $lock = $this->lockFactory ? $this->lockFactory->createLock($id) : new NoLock();

 switch ($this->config['policy']) {
diff --git a/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php b/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php
index cdf7109cf3ad4..783732e7d8e28 100644
--- a/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php
+++ b/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php
@@ -41,7 +41,7 @@ protected function getLimiters(Request $request): array
 {
 return [
 $this->globalFactory->create($request->getClientIp()),
- $this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).$request->getClientIp()),
+ $this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).'-'.$request->getClientIp()),
 ];
 }
 }
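Review bot: The `'-'` separator added to `$id` in `create()` is not escaped, so two limiters can still share an id when the configured `id` or `$key` itself contains `-` (id `a` with key `b-c` and id `a-b` with key `c` both give `a-b-c`). Limiter ids come from configuration, so the exposure is probably small, but the assumption should be written down, e.g. `// '-' separates limiter id from key; assumes configured ids contain no '-'`. The same `$id` feeds `createLock()` on the next line, so every existing lock and stored limiter id changes with this commit and current counters presumably start over on deploy, which deserves a changelog line. The diffstat shows no test file, so a regression test asserting that two factories with prefix-overlapping ids produce distinct limiter ids would pin the fix. The body of `create()` continues past the end of the hunk.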
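Review bot: The per-account key in `getLimiters()` is built from `Security::LAST_USERNAME` exactly as submitted, so spelling variants of one account (letter case, for instance) would each get their own bucket if the user provider matches usernames case-insensitively; the provider is not visible in this hunk, so that needs confirming. Normalising before keying keeps the local limiter tied to the account, e.g. `$username = mb_strtolower((string) $request->attributes->get(Security::LAST_USERNAME));` followed by `$this->localFactory->create($username.'-'.$request->getClientIp())`. The separator is unambiguous here only because the IP comes last and an IP address contains no `-`, which is worth a one-line comment such as `// IP last: it cannot contain '-', so username/IP pairs never collide`.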