diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug #29981 [Security] Complain about an empty decision strategy (corphi)

Browse Source 
This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Complain about an empty decision strategy

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

When an empty string is passed (or objects with a similarly behaving `__toString()` method) to the constructor, the call to `decide` causes infinite recursion.

Commits
-------

3a22cad29b Fix infinite recursion when passed an empty string
This commit is contained in:
Fabien Potencier 2019-02-21 09:28:33 +01:00
commit 68d5597125
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
View File

@ -43,7 +43,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
public function __construct($voters = [], $strategy = self::STRATEGY_AFFIRMATIVE, $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true)
{
$strategyMethod = 'decide'.ucfirst($strategy);
if (!\is_callable([$this, $strategyMethod])) {
if ('' === $strategy || !\is_callable([$this, $strategyMethod])) {
throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy));
}