NotificationsYou must be signed in to change notification settings
Fork9.6k
Star30.4k

Commitec1e4a2

committed

bug#60379 [Security] Avoid failing when PersistentRememberMeHandler handles a malformed cookie (Seldaek)

This PR was squashed before being merged into the 6.4 branch.Discussion----------[Security] Avoid failing when PersistentRememberMeHandler handles a malformed cookie| Q | A| ------------- | ---| Branch? | 6.4| Bug fix? | yes| New feature? | no| Deprecations? | no| Issues | Fix #... | License | MITIf the remember me cookie is malformed like `"foo"` then the page crashes due tohttps://github.com/symfony/symfony/blob/7.3/src/Symfony/Component/Security/Http/RememberMe/RememberMeDetails.php#L39Not a huge deal but not very elegantCommits-------2eaa7ee [Security] Avoid failing when PersistentRememberMeHandler handles a malformed cookie

2 parentsd39a0cf +2eaa7ee commitec1e4a2Copy full SHA for ec1e4a2

File tree

2 files changed

+22

-1

lines changed

src/Symfony/Component/Security/Http
- RememberMe
  - PersistentRememberMeHandler.php
- Tests/RememberMe
  - PersistentRememberMeHandlerTest.php

2 files changed

+22

-1

lines changed

`‎src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php`

Lines changed: 6 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,12 @@ public function clearRememberMeCookie(): void`
`160`	`160`	`return;`
`161`	`161`	`}`
`162`	`162`
`163`		`-$rememberMeDetails = RememberMeDetails::fromRawCookie($cookie);`
	`163`	`+try {`
	`164`	`+$rememberMeDetails = RememberMeDetails::fromRawCookie($cookie);`
	`165`	`+ }catch (AuthenticationException) {`
	`166`	`+// malformed cookie should not fail the response and can be simply ignored`
	`167`	`+return;`
	`168`	`+ }`
`164`	`169`	`[$series] =explode(':',$rememberMeDetails->getValue());`
`165`	`170`	`$this->tokenProvider->deleteTokenBySeries($series);`
`166`	`171`	`}`

`‎src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php`

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -74,6 +74,22 @@ public function testClearRememberMeCookie()`
`74`	`74`	`$this->assertNull($cookie->getValue());`
`75`	`75`	`}`
`76`	`76`
	`77`	`+publicfunctiontestClearRememberMeCookieMalformedCookie()`
	`78`	`+ {`
	`79`	`+$this->tokenProvider->expects($this->exactly(0))`
	`80`	`+ ->method('deleteTokenBySeries');`
	`81`	`+`
	`82`	`+$this->request->cookies->set('REMEMBERME','malformed');`
	`83`	`+`
	`84`	`+$this->handler->clearRememberMeCookie();`
	`85`	`+`
	`86`	`+$this->assertTrue($this->request->attributes->has(ResponseListener::COOKIE_ATTR_NAME));`
	`87`	`+`
	`88`	`+/** @var Cookie $cookie */`
	`89`	`+$cookie =$this->request->attributes->get(ResponseListener::COOKIE_ATTR_NAME);`
	`90`	`+$this->assertNull($cookie->getValue());`
	`91`	`+ }`
	`92`	`+`
`77`	`93`	`publicfunctiontestConsumeRememberMeCookieValid()`
`78`	`94`	`{`
`79`	`95`	`$this->tokenProvider->expects($this->any())`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitec1e4a2

File tree

2 files changed

2 files changed

`‎src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php`

`‎src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php`

0 commit comments