From 7ae578cc1acab2c44a6e2634cbbe59dc2518b3b5 Mon Sep 17 00:00:00 2001
From: Gavin Staniforth
Date: Tue, 20 Jun 2017 16:21:01 +0100
Subject: [PATCH] fix(security): ensure the 'route' index is set before attempting to use it
---
 src/Symfony/Component/Security/Http/HttpUtils.php | 2 +-
 .../Component/Security/Http/Tests/HttpUtilsTest.php | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
index ed737a2f61..56add79926 100644
--- a/src/Symfony/Component/Security/Http/HttpUtils.php
+++ b/src/Symfony/Component/Security/Http/HttpUtils.php
@@ -108,7 +108,7 @@ class HttpUtils
 $parameters = $this->urlMatcher->match($request->getPathInfo());
 }
- return $path === $parameters['_route'];
+ return isset($parameters['_route']) && $path === $parameters['_route'];
 } catch (MethodNotAllowedException $e) {
 return false;
 } catch (ResourceNotFoundException $e) {
diff --git a/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php b/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php
index 3d0e63b6fe..b508012665 100644
--- a/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php
@@ -221,6 +221,19 @@ class HttpUtilsTest extends TestCase
 $utils->checkRequestPath($this->getRequest(), 'foobar');
 }
+ public function testCheckPathWithoutRouteParam()
+ {
+ $urlMatcher = $this->getMockBuilder('Symfony\Component\Routing\Matcher\UrlMatcherInterface')->getMock();
+ $urlMatcher
+ ->expects($this->any())
+ ->method('match')
+ ->willReturn(array('_controller' => 'PathController'))
+ ;
+
+ $utils = new HttpUtils(null, $urlMatcher);
+ $this->assertFalse($utils->checkRequestPath($this->getRequest(), 'path/index.html'));
+ }
+
 /**
 * @expectedException \InvalidArgumentException
 * @expectedExceptionMessage Matcher must either implement UrlMatcherInterface or RequestMatcherInterface
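Review bot: The new `isset($parameters['_route'])` guard on the return line makes a match result without a route name silently count as "not this path", and nothing next to it says that this is the intended outcome. Code that relies on this check to recognise a firewall path (presumably the login-check and logout handling, which is not visible here) would then skip its work without any trace. I would state the decision at the return with a comment such as `// a matcher may return parameters without '_route'; treat that as "no match" instead of reading an undefined index`. The enclosing method starts and ends outside the hunk.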
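Review bot: The mock in `testCheckPathWithoutRouteParam` is configured with `->expects($this->any())`, so the test still passes if `checkRequestPath` returns false without ever consulting the matcher, and it therefore does not prove that the missing-`_route` case is the one being exercised. Use `->expects($this->once())` so that a regression which bypasses the matcher fails the test. A short comment noting that `'path/index.html'` is passed as a route name rather than a URL path would also help; it appears to take the route branch only because it has no leading slash, which is decided outside this hunk.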