From 28ae62d037f44ecb2ca84cb9a90a8d9a64c6c7be Mon Sep 17 00:00:00 2001
From: Bob van de Vijver <bobvandevijver@hotmail.com>
Date: Thu, 29 Jul 2021 11:16:12 +0200
Subject: [PATCH] [Security] Fix str_contains type mismatch in ChannelListener

---
 .../Http/Firewall/ChannelListener.php         |  2 +-
 .../Tests/Firewall/ChannelListenerTest.php    | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php b/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
index b357564864cd0..71459406614ab 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
@@ -51,7 +51,7 @@ public function supports(Request $request): ?bool
             if (null !== $this->logger) {
                 if ('https' === $request->headers->get('X-Forwarded-Proto')) {
                     $this->logger->info('Redirecting to HTTPS. ("X-Forwarded-Proto" header is set to "https" - did you set "trusted_proxies" correctly?)');
-                } elseif (str_contains($request->headers->get('Forwarded'), 'proto=https')) {
+                } elseif (str_contains($request->headers->get('Forwarded', ''), 'proto=https')) {
                     $this->logger->info('Redirecting to HTTPS. ("Forwarded" header is set to "proto=https" - did you set "trusted_proxies" correctly?)');
                 } else {
                     $this->logger->info('Redirecting to HTTPS.');
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php
index 5fab54c13227d..0153d30395d9c 100644
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php
@@ -12,6 +12,8 @@
 namespace Symfony\Component\Security\Http\Tests\Firewall;
 
 use PHPUnit\Framework\TestCase;
+use Psr\Log\NullLogger;
+use Symfony\Component\HttpFoundation\HeaderBag;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
@@ -153,4 +155,29 @@ public function testHandleWithSecuredRequestAndHttpChannel()
 
         $this->assertSame($response, $event->getResponse());
     }
+
+    public function testSupportsWithoutHeaders()
+    {
+        $request = $this->createMock(Request::class);
+        $request
+            ->expects($this->any())
+            ->method('isSecure')
+            ->willReturn(false)
+        ;
+        $request->headers = new HeaderBag();
+
+        $accessMap = $this->createMock(AccessMapInterface::class);
+        $accessMap
+            ->expects($this->any())
+            ->method('getPatterns')
+            ->with($this->equalTo($request))
+            ->willReturn([[], 'https'])
+        ;
+
+        $entryPoint = $this->createMock(AuthenticationEntryPointInterface::class);
+
+        $listener = new ChannelListener($accessMap, $entryPoint, new NullLogger());
+
+        $this->assertTrue($listener->supports($request));
+    }
 }