From 1fc5df683b99374c7210d677f002f1dc9373c106 Mon Sep 17 00:00:00 2001
From: Christian Flothmann <christian.flothmann@sensiolabs.de>
Date: Wed, 14 Feb 2018 10:05:17 +0100
Subject: [PATCH] fix accessing request values

---
 .../Http/Firewall/SimpleFormAuthenticationListener.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
index 1ec87da4cb1a..9d87c59c888e 100644
--- a/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
@@ -119,9 +119,13 @@ protected function attemptAuthentication(Request $request)
             }
         }
 
-        $requestBag = $this->options['post_only'] ? $request->request : $request;
-        $username = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['username_parameter']);
-        $password = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['password_parameter']);
+        if ($this->options['post_only']) {
+            $username = ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']);
+            $password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
+        } else {
+            $username = ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']);
+            $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
+        }
 
         if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));