[Security] Fix exception when use_referer option is true and referer is not set or empty

src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php

@@ -118,12 +118,11 @@ class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandle
             return $targetUrl;
         }
 
-        if ($this->options['use_referer']) {
+        if ($this->options['use_referer'] && $targetUrl = $request->headers->get('Referer')) {
-            $targetUrl = $request->headers->get('Referer');
             if (false !== $pos = strpos($targetUrl, '?')) {
                 $targetUrl = substr($targetUrl, 0, $pos);
             }
-            if ($targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
+            if ($targetUrl && $targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
                 return $targetUrl;
             }
         }

src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php

@@ -83,6 +83,16 @@ class DefaultAuthenticationSuccessHandlerTest extends TestCase
                 array(),
                 '/',
             ),
+            'target path as referer when referer not set' => array(
+                Request::create('/'),
+                array('use_referer' => true),
+                '/',
+            ),
+            'target path as referer when referer is ?' => array(
+                Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => '?')),
+                array('use_referer' => true),
+                '/',
+            ),
             'target path should be different than login URL' => array(
                 Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/login')),
                 array('use_referer' => true, 'login_path' => '/login'),