[Security] Fix exception when use_referer option is true and referer is not set or empty
This commit is contained in:
parent
d74144fc0b
commit
a29e0694de
|
@ -118,12 +118,11 @@ class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandle
|
|||
return $targetUrl;
|
||||
}
|
||||
|
||||
if ($this->options['use_referer']) {
|
||||
$targetUrl = $request->headers->get('Referer');
|
||||
if ($this->options['use_referer'] && $targetUrl = $request->headers->get('Referer')) {
|
||||
if (false !== $pos = strpos($targetUrl, '?')) {
|
||||
$targetUrl = substr($targetUrl, 0, $pos);
|
||||
}
|
||||
if ($targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
|
||||
if ($targetUrl && $targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
|
||||
return $targetUrl;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -83,6 +83,16 @@ class DefaultAuthenticationSuccessHandlerTest extends TestCase
|
|||
array(),
|
||||
'/',
|
||||
),
|
||||
'target path as referer when referer not set' => array(
|
||||
Request::create('/'),
|
||||
array('use_referer' => true),
|
||||
'/',
|
||||
),
|
||||
'target path as referer when referer is ?' => array(
|
||||
Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => '?')),
|
||||
array('use_referer' => true),
|
||||
'/',
|
||||
),
|
||||
'target path should be different than login URL' => array(
|
||||
Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/login')),
|
||||
array('use_referer' => true, 'login_path' => '/login'),
|
||||
|
|
Reference in New Issue