diogo
/
symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security #14759 n/a (jakzal) 

This PR was merged into the 2.3 branch.

Discussion
----------

n/a

n/a

Commits
-------

d320d27 [HttpKernel] Do not call the FragmentListener if _controller is already defined
This commit is contained in:
Fabien Potencier 2015-05-26 23:41:30 +02:00
parent ae2d062afc d320d27699
commit 64e9584fae
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php
View File

@ -58,7 +58,7 @@ class FragmentListener implements EventSubscriberInterface
{
$request = $event->getRequest();
if ($this->fragmentPath !== rawurldecode($request->getPathInfo())) {
if ($request->attributes->has('_controller') || $this->fragmentPath !== rawurldecode($request->getPathInfo())) {
return;
}

20
src/Symfony/Component/HttpKernel/Tests/EventListener/FragmentListenerTest.php
View File

@ -34,6 +34,22 @@ class FragmentListenerTest extends \PHPUnit_Framework_TestCase
$this->assertTrue($request->query->has('_path'));
}
public function testOnlyTriggeredIfControllerWasNotDefinedYet()
{
$request = Request::create('http://example.com/_fragment?_path=foo%3Dbar%26_controller%3Dfoo');
$request->attributes->set('_controller', 'bar');
$listener = new FragmentListener(new UriSigner('foo'));
$event = $this->createGetResponseEvent($request, HttpKernelInterface::SUB_REQUEST);
$expected = $request->attributes->all();
$listener->onKernelRequest($event);
$this->assertEquals($expected, $request->attributes->all());
}
/**
* @expectedException \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
@ -74,8 +90,8 @@ class FragmentListenerTest extends \PHPUnit_Framework_TestCase
$this->assertFalse($request->query->has('_path'));
}
private function createGetResponseEvent(Request $request)
private function createGetResponseEvent(Request $request, $requestType = HttpKernelInterface::MASTER_REQUEST)
{
return new GetResponseEvent($this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'), $request, HttpKernelInterface::MASTER_REQUEST);
return new GetResponseEvent($this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'), $request, $requestType);
}
}