Ensure $request->hasSession() is always checked before calling getSession()
parent
c7a09dcae6
commit
7b2c326719
@ -112,10 +112,9 @@ class AppVariable
|
|||||||
if (null === $this->requestStack) {
|
if (null === $this->requestStack) {
|
||||||
throw new \RuntimeException('The "app.session" variable is not available.');
|
throw new \RuntimeException('The "app.session" variable is not available.');
|
||||||
}
|
}
|
||||||
|
$request = $this->getRequest();
|
||||||
|
|
||||||
if ($request = $this->getRequest()) {
|
return $request && $request->hasSession() ? $request->getSession() : null;
|
||||||
return $request->getSession();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -157,8 +156,7 @@ class AppVariable
|
|||||||
public function getFlashes($types = null)
|
public function getFlashes($types = null)
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
$session = $this->getSession();
|
if (null === $session = $this->getSession()) {
|
||||||
if (null === $session) {
|
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
} catch (\RuntimeException $e) {
|
} catch (\RuntimeException $e) {
|
||||||
|
@ -51,6 +51,7 @@ class AppVariableTest extends TestCase
|
|||||||
public function testGetSession()
|
public function testGetSession()
|
||||||
{
|
{
|
||||||
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
|
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
|
||||||
|
$request->method('hasSession')->willReturn(true);
|
||||||
$request->method('getSession')->willReturn($session = new Session());
|
$request->method('getSession')->willReturn($session = new Session());
|
||||||
|
|
||||||
$this->setRequestStack($request);
|
$this->setRequestStack($request);
|
||||||
@ -267,6 +268,7 @@ class AppVariableTest extends TestCase
|
|||||||
$session->method('getFlashBag')->willReturn($flashBag);
|
$session->method('getFlashBag')->willReturn($flashBag);
|
||||||
|
|
||||||
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
|
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
|
||||||
|
$request->method('hasSession')->willReturn(true);
|
||||||
$request->method('getSession')->willReturn($session);
|
$request->method('getSession')->willReturn($session);
|
||||||
$this->setRequestStack($request);
|
$this->setRequestStack($request);
|
||||||
|
|
||||||
|
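Review bot: Both touched tests stub `hasSession` to return true, so the branch this commit introduces, where a request exists but carries no session, is not exercised in the hunks shown. A companion case using `$request->method('hasSession')->willReturn(false);` and asserting that `getSession()` returns null and `getFlashes()` returns `[]` would pin that behaviour. The test methods start and end outside these hunks, so such a case may already exist elsewhere in the file.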
@ -75,9 +75,9 @@ class GlobalVariables
|
|||||||
*/
|
*/
|
||||||
public function getSession()
|
public function getSession()
|
||||||
{
|
{
|
||||||
if ($request = $this->getRequest()) {
|
$request = $this->getRequest();
|
||||||
return $request->getSession();
|
|
||||||
}
|
return $request && $request->hasSession() ? $request->getSession() : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -123,7 +123,7 @@ class ProfilerController
|
|||||||
throw new NotFoundHttpException('The profiler must be enabled.');
|
throw new NotFoundHttpException('The profiler must be enabled.');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($request->hasSession() && ($session = $request->getSession()) && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
|
if ($request->hasSession() && ($session = $request->getSession())->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
|
||||||
// keep current flashes for one more request if using AutoExpireFlashBag
|
// keep current flashes for one more request if using AutoExpireFlashBag
|
||||||
$session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
|
$session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
|
||||||
}
|
}
|
||||||
|
@ -88,8 +88,7 @@ class WebDebugToolbarListener implements EventSubscriberInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($response->headers->has('X-Debug-Token') && $response->isRedirect() && $this->interceptRedirects && 'html' === $request->getRequestFormat()) {
|
if ($response->headers->has('X-Debug-Token') && $response->isRedirect() && $this->interceptRedirects && 'html' === $request->getRequestFormat()) {
|
||||||
$session = $request->getSession();
|
if ($request->hasSession() && ($session = $request->getSession())->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
|
||||||
if (null !== $session && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
|
|
||||||
// keep current flashes for one more request if using AutoExpireFlashBag
|
// keep current flashes for one more request if using AutoExpireFlashBag
|
||||||
$session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
|
$session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
|
||||||
}
|
}
|
||||||
|
@ -46,8 +46,7 @@ abstract class AbstractTestSessionListener implements EventSubscriberInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
// bootstrap the session
|
// bootstrap the session
|
||||||
$session = $this->getSession();
|
if (!$session = $this->getSession()) {
|
||||||
if (!$session) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -30,8 +30,8 @@ class SaveSessionListener implements EventSubscriberInterface
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$session = $event->getRequest()->getSession();
|
$request = $event->getRequest();
|
||||||
if ($session && $session->isStarted()) {
|
if ($request->hasSession() && ($session = $request->getSession())->isStarted()) {
|
||||||
$session->save();
|
$session->save();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -38,12 +38,11 @@ class AuthenticationUtils
|
|||||||
public function getLastAuthenticationError($clearSession = true)
|
public function getLastAuthenticationError($clearSession = true)
|
||||||
{
|
{
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$session = $request->getSession();
|
|
||||||
$authenticationException = null;
|
$authenticationException = null;
|
||||||
|
|
||||||
if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
|
if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
|
||||||
$authenticationException = $request->attributes->get(Security::AUTHENTICATION_ERROR);
|
$authenticationException = $request->attributes->get(Security::AUTHENTICATION_ERROR);
|
||||||
} elseif (null !== $session && $session->has(Security::AUTHENTICATION_ERROR)) {
|
} elseif ($request->hasSession() && ($session = $request->getSession())->has(Security::AUTHENTICATION_ERROR)) {
|
||||||
$authenticationException = $session->get(Security::AUTHENTICATION_ERROR);
|
$authenticationException = $session->get(Security::AUTHENTICATION_ERROR);
|
||||||
|
|
||||||
if ($clearSession) {
|
if ($clearSession) {
|
||||||
@ -65,9 +64,7 @@ class AuthenticationUtils
|
|||||||
return $request->attributes->get(Security::LAST_USERNAME, '');
|
return $request->attributes->get(Security::LAST_USERNAME, '');
|
||||||
}
|
}
|
||||||
|
|
||||||
$session = $request->getSession();
|
return $request->hasSession() ? $request->getSession()->get(Security::LAST_USERNAME, '') : '';
|
||||||
|
|
||||||
return null === $session ? '' : $session->get(Security::LAST_USERNAME, '');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -90,7 +90,7 @@ class ContextListener implements ListenerInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
$request = $event->getRequest();
|
$request = $event->getRequest();
|
||||||
$session = $request->hasPreviousSession() ? $request->getSession() : null;
|
$session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
|
||||||
|
|
||||||
if (null === $session || null === $token = $session->get($this->sessionKey)) {
|
if (null === $session || null === $token = $session->get($this->sessionKey)) {
|
||||||
$this->tokenStorage->setToken(null);
|
$this->tokenStorage->setToken(null);
|
||||||
@ -137,14 +137,14 @@ class ContextListener implements ListenerInterface
|
|||||||
|
|
||||||
$this->dispatcher->removeListener(KernelEvents::RESPONSE, [$this, 'onKernelResponse']);
|
$this->dispatcher->removeListener(KernelEvents::RESPONSE, [$this, 'onKernelResponse']);
|
||||||
$this->registered = false;
|
$this->registered = false;
|
||||||
$session = $request->getSession();
|
$token = $this->tokenStorage->getToken();
|
||||||
|
|
||||||
if ((null === $token = $this->tokenStorage->getToken()) || $this->trustResolver->isAnonymous($token)) {
|
if (null === $token || $this->trustResolver->isAnonymous($token)) {
|
||||||
if ($request->hasPreviousSession()) {
|
if ($request->hasPreviousSession() && $request->hasSession()) {
|
||||||
$session->remove($this->sessionKey);
|
$request->getSession()->remove($this->sessionKey);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$session->set($this->sessionKey, serialize($token));
|
$request->getSession()->set($this->sessionKey, serialize($token));
|
||||||
|
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$this->logger->debug('Stored the security token in the session.', ['key' => $this->sessionKey]);
|
$this->logger->debug('Stored the security token in the session.', ['key' => $this->sessionKey]);
|
||||||
|
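Review bot: The `else` branch of the second hunk still calls `$request->getSession()->set($this->sessionKey, serialize($token));` with no `hasSession()` guard, although the anonymous branch just above it now checks `$request->hasPreviousSession() && $request->hasSession()`. The rendered page has lost its +/- markers, so this reading assumes the `$request->getSession()` form is the new side. If a session-less request can reach this point with a non-anonymous token, the token write would be attempted on whatever `getSession()` yields for such a request. That is inferred, because the enclosing method starts and ends outside the hunk. Either guard the write, for example `} elseif ($request->hasSession()) {`, or add a comment such as `// a session is guaranteed here because <reason>` so the missing check reads as deliberate.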