bug #22584 [Security] Avoid unnecessary route lookup for empty logout path (ro0NL)
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Avoid unnecessary route lookup for empty logout path
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no-ish
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
i first included this with #22572 where having `logout: { path: ~ }` makes more sense for disabling logout path matching/generation. But currently it's already allowed and causes an unneeded route lookup and url generation.
Commits
-------
2967807b14
[Security] Avoid unnecessary route lookup for empty logout path
This commit is contained in:
commit
2a288dba78
@ -135,6 +135,6 @@ class LogoutListener implements ListenerInterface
|
|||||||
*/
|
*/
|
||||||
protected function requiresLogout(Request $request)
|
protected function requiresLogout(Request $request)
|
||||||
{
|
{
|
||||||
return $this->httpUtils->checkRequestPath($request, $this->options['logout_path']);
|
return isset($this->options['logout_path']) && $this->httpUtils->checkRequestPath($request, $this->options['logout_path']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -112,6 +112,10 @@ class LogoutUrlGenerator
|
|||||||
|
|
||||||
list($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenManager) = $this->listeners[$key];
|
list($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenManager) = $this->listeners[$key];
|
||||||
|
|
||||||
|
if (null === $logoutPath) {
|
||||||
|
throw new \LogicException('Unable to generate the logout URL without a path.');
|
||||||
|
}
|
||||||
|
|
||||||
$parameters = null !== $csrfTokenManager ? array($csrfParameter => (string) $csrfTokenManager->getToken($csrfTokenId)) : array();
|
$parameters = null !== $csrfTokenManager ? array($csrfParameter => (string) $csrfTokenManager->getToken($csrfTokenId)) : array();
|
||||||
|
|
||||||
if ('/' === $logoutPath[0]) {
|
if ('/' === $logoutPath[0]) {
|
||||||
|
Reference in New Issue
Block a user