diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Security] Avoid unnecessary route lookup for empty logout path

Browse Source
This commit is contained in:
Roland Franssen 2017-04-29 20:05:30 +02:00
parent c84ee65b99
commit 2967807b14
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
View File

@ -135,6 +135,6 @@ class LogoutListener implements ListenerInterface
*/ */
protected function requiresLogout(Request $request) protected function requiresLogout(Request $request)
{ {
return $this->httpUtils->checkRequestPath($request, $this->options['logout_path']); return isset($this->options['logout_path']) && $this->httpUtils->checkRequestPath($request, $this->options['logout_path']);
} }
} }

4
src/Symfony/Component/Security/Http/Logout/LogoutUrlGenerator.php
View File

@ -112,6 +112,10 @@ class LogoutUrlGenerator
list($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenManager) = $this->listeners[$key]; list($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenManager) = $this->listeners[$key];
if (null === $logoutPath) {
throw new \LogicException('Unable to generate the logout URL without a path.');
}
$parameters = null !== $csrfTokenManager ? array($csrfParameter => (string) $csrfTokenManager->getToken($csrfTokenId)) : array(); $parameters = null !== $csrfTokenManager ? array($csrfParameter => (string) $csrfTokenManager->getToken($csrfTokenId)) : array();
if ('/' === $logoutPath[0]) { if ('/' === $logoutPath[0]) {