From 28ae62d037f44ecb2ca84cb9a90a8d9a64c6c7be Mon Sep 17 00:00:00 2001
From: Bob van de Vijver
Date: Thu, 29 Jul 2021 11:16:12 +0200
Subject: [PATCH] [Security] Fix str_contains type mismatch in ChannelListener
---
 .../Http/Firewall/ChannelListener.php | 2 +-
 .../Tests/Firewall/ChannelListenerTest.php | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php b/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
index b357564864cd0..71459406614ab 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
@@ -51,7 +51,7 @@ public function supports(Request $request): ?bool
 if (null !== $this->logger) {
 if ('https' === $request->headers->get('X-Forwarded-Proto')) {
 $this->logger->info('Redirecting to HTTPS. ("X-Forwarded-Proto" header is set to "https" - did you set "trusted_proxies" correctly?)');
- } elseif (str_contains($request->headers->get('Forwarded'), 'proto=https')) {
+ } elseif (str_contains($request->headers->get('Forwarded', ''), 'proto=https')) {
 $this->logger->info('Redirecting to HTTPS. ("Forwarded" header is set to "proto=https" - did you set "trusted_proxies" correctly?)');
 } else {
 $this->logger->info('Redirecting to HTTPS.');
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php
index 5fab54c13227d..0153d30395d9c 100644
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php
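Review bot: The `Forwarded` branch in supports() still uses a case-sensitive substring match, `str_contains(..., 'proto=https')`. A proxy that sends `Proto=HTTPS` or the quoted form `proto="https"` (both permitted by RFC 7239) therefore falls through to the generic message, and the `trusted_proxies` hint is lost just when an operator is diagnosing a proxy misconfiguration. Because this is only a diagnostic, a tolerant match is enough, for example `} elseif (preg_match('/\bproto="?https\b/i', $request->headers->get('Forwarded', ''))) {`. The same applies to the strict `'https' ===` comparison on `X-Forwarded-Proto` two lines above. The body of supports() begins and ends outside this hunk, so the conditions that lead into this logging block are not visible here.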
@@ -12,6 +12,8 @@
 namespace Symfony\Component\Security\Http\Tests\Firewall;
 use PHPUnit\Framework\TestCase;
+use Psr\Log\NullLogger;
+use Symfony\Component\HttpFoundation\HeaderBag;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
@@ -153,4 +155,29 @@ public function testHandleWithSecuredRequestAndHttpChannel()
 $this->assertSame($response, $event->getResponse());
 }
+
+ public function testSupportsWithoutHeaders()
+ {
+ $request = $this->createMock(Request::class);
+ $request
+ ->expects($this->any())
+ ->method('isSecure')
+ ->willReturn(false)
+ ;
+ $request->headers = new HeaderBag();
+
+ $accessMap = $this->createMock(AccessMapInterface::class);
+ $accessMap
+ ->expects($this->any())
+ ->method('getPatterns')
+ ->with($this->equalTo($request))
+ ->willReturn([[], 'https'])
+ ;
+
+ $entryPoint = $this->createMock(AuthenticationEntryPointInterface::class);
+
+ $listener = new ChannelListener($accessMap, $entryPoint, new NullLogger());
+
+ $this->assertTrue($listener->supports($request));
+ }
 }
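Review bot: `testSupportsWithoutHeaders` passes a `NullLogger` and asserts only the return value, so it pins the missing-header regression but not which of the three log branches runs. A later change to the `Forwarded` / `X-Forwarded-Proto` checks could silently drop the `trusted_proxies` hint. A companion case with a `Forwarded` header and a logger mock expecting the hint would cover the branch this commit touches, assuming such a request reaches the logging block the same way the existing test's request does. A short comment in the existing test, `// No Forwarded / X-Forwarded-Proto header: supports() must not pass null to str_contains().`, would also record why the empty `HeaderBag` matters.

```php
public function testSupportsLogsHintWhenForwardedProtoIsHttps()
{
    $request = $this->createMock(Request::class);
    $request->method('isSecure')->willReturn(false);
    // Constructed sample value; 192.0.2.1 is a documentation address.
    $request->headers = new HeaderBag(['Forwarded' => 'for=192.0.2.1;proto=https']);

    // … unchanged: $accessMap and $entryPoint mocks as in testSupportsWithoutHeaders …

    $logger = $this->createMock(\Psr\Log\LoggerInterface::class);
    $logger
        ->expects($this->once())
        ->method('info')
        ->with($this->stringContains('"Forwarded" header is set to "proto=https"'))
    ;

    $listener = new ChannelListener($accessMap, $entryPoint, $logger);

    $this->assertTrue($listener->supports($request));
}
```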