[HttpKernel] Revert BC breaking change of Request::isMethodSafe()
This commit is contained in:
parent
30d161c0ae
commit
0c3b7d7b8d
@ -190,7 +190,7 @@ class BinaryFileResponse extends Response
|
|||||||
|
|
||||||
if (!$this->headers->has('Accept-Ranges')) {
|
if (!$this->headers->has('Accept-Ranges')) {
|
||||||
// Only accept ranges on safe HTTP methods
|
// Only accept ranges on safe HTTP methods
|
||||||
$this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
|
$this->headers->set('Accept-Ranges', $request->isMethodSafe(false) ? 'bytes' : 'none');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$this->headers->has('Content-Type')) {
|
if (!$this->headers->has('Content-Type')) {
|
||||||
|
@ -1466,11 +1466,13 @@ class Request
|
|||||||
/**
|
/**
|
||||||
* Checks whether the method is safe or not.
|
* Checks whether the method is safe or not.
|
||||||
*
|
*
|
||||||
|
* @param bool $andCacheable Adds the additional condition that the method should be cacheable. True by default.
|
||||||
|
*
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function isMethodSafe()
|
public function isMethodSafe(/* $andCacheable = true */)
|
||||||
{
|
{
|
||||||
return in_array($this->getMethod(), array('GET', 'HEAD', 'OPTIONS', 'TRACE'));
|
return in_array($this->getMethod(), 0 < func_num_args() && !func_get_arg(0) ? array('GET', 'HEAD', 'OPTIONS', 'TRACE') : array('GET', 'HEAD'));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1929,7 +1929,7 @@ class RequestTest extends \PHPUnit_Framework_TestCase
|
|||||||
{
|
{
|
||||||
$request = new Request();
|
$request = new Request();
|
||||||
$request->setMethod($method);
|
$request->setMethod($method);
|
||||||
$this->assertEquals($safe, $request->isMethodSafe());
|
$this->assertEquals($safe, $request->isMethodSafe(false));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function methodSafeProvider()
|
public function methodSafeProvider()
|
||||||
@ -1948,6 +1948,13 @@ class RequestTest extends \PHPUnit_Framework_TestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testMethodSafeChecksCacheable()
|
||||||
|
{
|
||||||
|
$request = new Request();
|
||||||
|
$request->setMethod('OPTION');
|
||||||
|
$this->assertFalse($request->isMethodSafe());
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider methodCacheableProvider
|
* @dataProvider methodCacheableProvider
|
||||||
*/
|
*/
|
||||||
|
@ -81,7 +81,7 @@ class FragmentListener implements EventSubscriberInterface
|
|||||||
protected function validateRequest(Request $request)
|
protected function validateRequest(Request $request)
|
||||||
{
|
{
|
||||||
// is the Request safe?
|
// is the Request safe?
|
||||||
if (!$request->isMethodSafe()) {
|
if (!$request->isMethodSafe(false)) {
|
||||||
throw new AccessDeniedHttpException();
|
throw new AccessDeniedHttpException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -202,7 +202,7 @@ class HttpCache implements HttpKernelInterface, TerminableInterface
|
|||||||
}
|
}
|
||||||
$this->traces[$request->getMethod().' '.$path] = array();
|
$this->traces[$request->getMethod().' '.$path] = array();
|
||||||
|
|
||||||
if (!$request->isMethodSafe()) {
|
if (!$request->isMethodSafe(false)) {
|
||||||
$response = $this->invalidate($request, $catch);
|
$response = $this->invalidate($request, $catch);
|
||||||
} elseif ($request->headers->has('expect') || !$request->isMethodCacheable()) {
|
} elseif ($request->headers->has('expect') || !$request->isMethodCacheable()) {
|
||||||
$response = $this->pass($request, $catch);
|
$response = $this->pass($request, $catch);
|
||||||
|
@ -209,7 +209,7 @@ class ExceptionListener
|
|||||||
protected function setTargetPath(Request $request)
|
protected function setTargetPath(Request $request)
|
||||||
{
|
{
|
||||||
// session isn't required when using HTTP basic authentication mechanism for example
|
// session isn't required when using HTTP basic authentication mechanism for example
|
||||||
if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) {
|
if ($request->hasSession() && $request->isMethodSafe(false) && !$request->isXmlHttpRequest()) {
|
||||||
$request->getSession()->set('_security.'.$this->providerKey.'.target_path', $request->getUri());
|
$request->getSession()->set('_security.'.$this->providerKey.'.target_path', $request->getUri());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user