[Security][HttpFoundation] splits Request::hasSession() into hasSession(), and hasPreviousSession()

This closes #774, and fixes #772.
Johannes Schmitt 2011-05-05 08:35:02 +02:00
parent c3084050a0
commit 362b7264d1
4 changed files with 23 additions and 3 deletions


@ -120,6 +120,10 @@ beta1 to beta2
'allow_add' => true, 'allow_add' => true,
'allow_delete' => true, 'allow_delete' => true,
)); ));
* Request::hasSession() has been renamed to Request::hasPreviousSession(). The
method hasSession() still exists, but only checks if the request contains a
session object, not if the session was started in a previous request.
PR12 to beta1 PR12 to beta1
------------- -------------


@ -67,7 +67,7 @@ class RequestListener
} }
// starts the session if a session cookie already exists in the request... // starts the session if a session cookie already exists in the request...
if ($request->hasSession()) { if ($request->hasPreviousSession()) {
$request->getSession()->start(); $request->getSession()->start();
} }
} }


@ -308,12 +308,28 @@ class Request
return $this->session; return $this->session;
} }
public function hasSession() /**
* Whether the request contains a Session which was started in one of the
* previous requests.
*
* @return boolean
*/
public function hasPreviousSession()
{ {
// the check for $this->session avoids malicious users trying to fake a session cookie with proper name // the check for $this->session avoids malicious users trying to fake a session cookie with proper name
return $this->cookies->has(session_name()) && null !== $this->session; return $this->cookies->has(session_name()) && null !== $this->session;
} }
/**
* Whether the request contains a Session object.
*
* @return boolean
*/
public function hasSession()
{
return null !== $this->session;
}
public function setSession(Session $session) public function setSession(Session $session)
{ {
$this->session = $session; $this->session = $session;
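Review bot: The docblock added for `hasPreviousSession()` promises more than the body checks: `$this->cookies->has(session_name())` only shows that the client sent a cookie with the session name, not that its value identifies a session the server started earlier, and neither the `null !== $this->session` test nor the inline comment about faked cookies changes that. I would word the summary as `Whether the request carries a session cookie and has a Session object; the cookie value is not validated here.` and correct the inline comment to match. Because the RequestListener hunk calls `start()` on this result, whether an unknown client-supplied id is accepted appears to be left to the session storage, so regenerating the id at authentication remains necessary. No test for either method is visible in this commit; one case with a cookie but no session object and one with a session object but no cookie would pin the split between `hasSession()` and `hasPreviousSession()`.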


@ -62,7 +62,7 @@ class ContextListener implements ListenerInterface
{ {
$request = $event->getRequest(); $request = $event->getRequest();
$session = $request->hasSession() ? $request->getSession() : null; $session = $request->hasPreviousSession() ? $request->getSession() : null;
if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) { if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
$this->context->setToken(null); $this->context->setToken(null);