feature #19026 [Security] Strengthen comparison of target_url vs login_path (mrzard)

This PR was merged into the 3.3-dev branch. Discussion ---------- [Security] Strengthen comparison of target_url vs login_path | Q | A | | --- | --- | | Branch? | "master" | | Bug fix? | no | | New feature? | no | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | #18862 | | License | MIT | | Doc PR | | Commits ------- ac9d75a09e [Security] Strengthen comparison of target_url vs login_path
2017-03-22 16:29:02 -07:00 · 2017-03-22 16:29:02 -07:00 · bafa8e29e0
commit bafa8e29e0
parent 6f998375ff ac9d75a09e
2 changed files with 22 additions and 2 deletions
--- a/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
+++ b/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
@ -122,7 +122,7 @@ class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandle
            return $targetUrl;
        }

-        if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
+        if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && parse_url($targetUrl, PHP_URL_PATH) !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
            return $targetUrl;
        }

--- a/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
@ -139,7 +139,7 @@ class DefaultAuthenticationSuccessHandlerTest extends TestCase
        $this->assertSame($response, $result);
    }

-    public function testRefererHasToBeDifferentThatLoginUrl()
+    public function testRefererHasToBeDifferentThanLoginUrl()
    {
        $options = array('use_referer' => true);

@ -159,6 +159,26 @@ class DefaultAuthenticationSuccessHandlerTest extends TestCase
        $this->assertSame($response, $result);
    }

+    public function testRefererWithoutParametersHasToBeDifferentThanLoginUrl()
+    {
+        $options = array('use_referer' => true);
+
+        $this->request->headers->expects($this->any())
+            ->method('get')->with('Referer')
+            ->will($this->returnValue('/subfolder/login?t=1&p=2'));
+
+        $this->httpUtils->expects($this->once())
+            ->method('generateUri')->with($this->request, '/login')
+            ->will($this->returnValue('/subfolder/login'));
+
+        $response = $this->expectRedirectResponse('/');
+
+        $handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, $options);
+        $result = $handler->onAuthenticationSuccess($this->request, $this->token);
+
+        $this->assertSame($response, $result);
+    }
+
    public function testRefererTargetPathIsIgnoredByDefault()
    {
        $this->request->headers->expects($this->never())->method('get');