[Security] Avoid unnecessary route lookup for empty logout path
This commit is contained in:
parent
c84ee65b99
commit
2967807b14
@ -135,6 +135,6 @@ class LogoutListener implements ListenerInterface
|
||||
*/
|
||||
protected function requiresLogout(Request $request)
|
||||
{
|
||||
return $this->httpUtils->checkRequestPath($request, $this->options['logout_path']);
|
||||
return isset($this->options['logout_path']) && $this->httpUtils->checkRequestPath($request, $this->options['logout_path']);
|
||||
}
|
||||
}
|
||||
|
@ -112,6 +112,10 @@ class LogoutUrlGenerator
|
||||
|
||||
list($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenManager) = $this->listeners[$key];
|
||||
|
||||
if (null === $logoutPath) {
|
||||
throw new \LogicException('Unable to generate the logout URL without a path.');
|
||||
}
|
||||
|
||||
$parameters = null !== $csrfTokenManager ? array($csrfParameter => (string) $csrfTokenManager->getToken($csrfTokenId)) : array();
|
||||
|
||||
if ('/' === $logoutPath[0]) {
|
||||
|
Reference in New Issue
Block a user