From 2fd8a7acf325b72c5f281e1d0704b415ad7a251f Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 6 Sep 2013 15:29:34 +0200 Subject: [PATCH 1/2] [Security] fixed a leak in the ContextListener --- .../Component/Security/Http/Firewall/ContextListener.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php index 8c718768fe..81ccbdc0dd 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php @@ -38,6 +38,7 @@ class ContextListener implements ListenerInterface private $logger; private $userProviders; private $dispatcher; + private $registered; public function __construct(SecurityContextInterface $context, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { @@ -65,8 +66,9 @@ class ContextListener implements ListenerInterface */ public function handle(GetResponseEvent $event) { - if (null !== $this->dispatcher && HttpKernelInterface::MASTER_REQUEST === $event->getRequestType()) { + if (!$this->registered && null !== $this->dispatcher && HttpKernelInterface::MASTER_REQUEST === $event->getRequestType()) { $this->dispatcher->addListener(KernelEvents::RESPONSE, array($this, 'onKernelResponse')); + $this->registered = true; } $request = $event->getRequest(); From 899f1760a66d5b2653355f55da42e1b6659d4d2a Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 6 Sep 2013 15:51:21 +0200 Subject: [PATCH 2/2] [Security] fixed a leak in ExceptionListener --- .../Component/Security/Http/Firewall/ExceptionListener.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php index 0f81d1bf6c..b2c8862b72 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php @@ -76,6 +76,10 @@ class ExceptionListener */ public function onKernelException(GetResponseForExceptionEvent $event) { + // we need to remove ourselves as the exception listener can be + // different depending on the Request + $event->getDispatcher()->removeListener(KernelEvents::EXCEPTION, array($this, 'onKernelException')); + $exception = $event->getException(); $request = $event->getRequest();