[Security] fixed HttpUtils::checkRequestPath() to not catch all exceptions (closes #2637)

2011-11-14 13:10:32 +01:00 · 2011-11-14 13:10:32 +01:00 · 0462a89562
commit 0462a89562
parent 769a1e3e0a
2 changed files with 22 additions and 2 deletions
--- a/src/Symfony/Component/Security/Http/HttpUtils.php
+++ b/src/Symfony/Component/Security/Http/HttpUtils.php
@ -16,6 +16,8 @@ use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Routing\Exception\MethodNotAllowedException;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;

 /**
 * Encapsulates the logic needed to create sub-requests, redirect the user, and match URLs.
@ -108,7 +110,9 @@ class HttpUtils
                $parameters = $this->router->match($request->getPathInfo());

                return $path === $parameters['_route'];
-            } catch (\Exception $e) {
+            } catch (MethodNotAllowedException $e) {
+                return false;
+            } catch (ResourceNotFoundException $e) {
                return false;
            }
        }
--- a/tests/Symfony/Tests/Component/Security/Http/HttpUtilsTest.php
+++ b/tests/Symfony/Tests/Component/Security/Http/HttpUtilsTest.php
@ -14,6 +14,7 @@ namespace Symfony\Tests\Component\Security\Http;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Http\HttpUtils;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;

 class HttpUtilsTest extends \PHPUnit_Framework_TestCase
 {
@ -91,7 +92,7 @@ class HttpUtilsTest extends \PHPUnit_Framework_TestCase
        $router
            ->expects($this->any())
            ->method('match')
-            ->will($this->returnValue(array()))
+            ->will($this->throwException(new ResourceNotFoundException()))
        ;
        $utils = new HttpUtils($router);
        $this->assertFalse($utils->checkRequestPath($this->getRequest(), 'foobar'));
@ -106,6 +107,21 @@ class HttpUtilsTest extends \PHPUnit_Framework_TestCase
        $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo/bar'), 'foobar'));
    }

+    /**
+     * @expectedException \RuntimeException
+     */
+    public function testCheckRequestPathWithRouterLoadingException()
+    {
+        $router = $this->getMock('Symfony\Component\Routing\RouterInterface');
+        $router
+            ->expects($this->any())
+            ->method('match')
+            ->will($this->throwException(new \RuntimeException()))
+        ;
+        $utils = new HttpUtils($router);
+        $utils->checkRequestPath($this->getRequest(), 'foobar');
+    }
+
    private function getRouter()
    {
        $router = $this->getMock('Symfony\Component\Routing\RouterInterface');