From 87c2bc2e4a6949a41ce7b1e9032afa223ad5acce Mon Sep 17 00:00:00 2001
From: Gocha Ossinkine
Date: Tue, 6 Jun 2023 18:59:29 +0300
Subject: [PATCH] [Security] Fix false-string handling in RememberMeAuthenticator

---
 .../Security/Http/Authenticator/RememberMeAuthenticator.php | 2 +-
 .../Http/Tests/Authenticator/RememberMeAuthenticatorTest.php | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
index a7d7f01a4df52..f2571baac81f4 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
@@ -70,7 +70,7 @@ public function supports(Request $request): ?bool
 return false;
 }
 
- if (!$request->cookies->has($this->cookieName)) {
+ if (!$request->cookies->has($this->cookieName) || !\is_scalar($request->cookies->all()[$this->cookieName] ?: null)) {
 return false;
 }
 
diff --git a/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php b/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php
index 302def675391b..55bdba53988b2 100644
--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php
@@ -61,6 +61,9 @@ public static function provideSupportsData()
 $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => 'rememberme']);
 $request->attributes->set(ResponseListener::COOKIE_ATTR_NAME, new Cookie('_remember_me_cookie', null));
 yield [$request, false];
+
+ $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => '0']);
+ yield [$request, false];
 }
 
 public function testAuthenticate()
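Review bot: The new condition in supports() folds two different rejections into `!\is_scalar(... ?: null)` without a comment. The `?: null` turns every falsy cookie value (`''`, `'0'`, an empty array) into null, and `is_scalar` additionally rejects a non-empty array-valued cookie. Because this line decides whether a client-controlled cookie is handed on to the authenticator, I would make both checks explicit: `$rawCookie = $request->cookies->all()[$this->cookieName] ?? null;` followed by `if (!$rawCookie || !\is_scalar($rawCookie)) {`, which reads the same way and drops the separate `has()` call. At minimum add `// ignore missing, empty, '0' and array-valued cookies` above the condition. The body of supports() starts and ends outside this hunk, so how the later code reads the cookie is not visible here.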
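Review bot: The added provider case pins only the `'0'` string, but the guard introduced in supports() also changes the outcome for an empty-string cookie and for an array-valued cookie, and neither branch is exercised here. I would add `yield [Request::create('/', 'GET', [], ['_remember_me_cookie' => '']), false];` and `yield [Request::create('/', 'GET', [], ['_remember_me_cookie' => ['x']]), false];` so the non-scalar path of `is_scalar` is covered and cannot regress silently. provideSupportsData() begins above the hunk, so an earlier case may already cover one of these; confirm before adding.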