From 6a01d3dd54ab5923b9572c30afdb24b9b9ec4833 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Bj=C3=B8rnskov?=
Date: Sat, 9 Jun 2012 13:28:23 +0200
Subject: [PATCH] [Security] Check post_only option and request method
---
 .../UsernamePasswordFormAuthenticationListener.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
index bd2cec1faa..4bcb78551b 100644
--- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -50,6 +50,18 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
 $this->csrfProvider = $csrfProvider;
 }
 
+ /**
+ * @{inheritdoc}
+ */
+ protected function requiresAuthentication(Request $request)
+ {
+ if ($this->options['post_only'] && !$request->isMethod('post')) {
+ return false;
+ }
+
+ return parent::requiresAuthentication($request);
+ }
+
 /**
 * {@inheritdoc}
 */
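Review bot: The docblock on the new `requiresAuthentication()` is written `@{inheritdoc}`, which is not the inline tag form; the docblock that follows it in the same hunk uses `{@inheritdoc}`, and the new one should match. On the behaviour, this guard decides whether a non-POST request to the check path is treated as a login attempt when `post_only` is on, and the diffstat shows only the listener file changed, so a test covering a GET request with `post_only` both true and false would pin it. The condition reads `$this->options['post_only']` directly; the constructor's option defaults are outside the hunk, so it is worth confirming the key is always set there.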