fix(security): ensure the 'route' index is set before attempting to use it

2017-06-20 16:21:01 +01:00 · 2017-06-20 16:21:01 +01:00 · 7ae578cc1a
parent f4172b0bff
commit 7ae578cc1a
2 changed files with 14 additions and 1 deletions
--- a/src/Symfony/Component/Security/Http/HttpUtils.php
+++ b/src/Symfony/Component/Security/Http/HttpUtils.php
@ -108,7 +108,7 @@ class HttpUtils
                    $parameters = $this->urlMatcher->match($request->getPathInfo());
                }

-                return $path === $parameters['_route'];
+                return isset($parameters['_route']) && $path === $parameters['_route'];
            } catch (MethodNotAllowedException $e) {
                return false;
            } catch (ResourceNotFoundException $e) {
--- a/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php
@ -221,6 +221,19 @@ class HttpUtilsTest extends TestCase
        $utils->checkRequestPath($this->getRequest(), 'foobar');
    }

+    public function testCheckPathWithoutRouteParam()
+    {
+        $urlMatcher = $this->getMockBuilder('Symfony\Component\Routing\Matcher\UrlMatcherInterface')->getMock();
+        $urlMatcher
+            ->expects($this->any())
+            ->method('match')
+            ->willReturn(array('_controller' => 'PathController'))
+        ;
+
+        $utils = new HttpUtils(null, $urlMatcher);
+        $this->assertFalse($utils->checkRequestPath($this->getRequest(), 'path/index.html'));
+    }
+
    /**
     * @expectedException \InvalidArgumentException
     * @expectedExceptionMessage Matcher must either implement UrlMatcherInterface or RequestMatcherInterface