From de03cee8466d4e70c3dca7451002142b0631c617 Mon Sep 17 00:00:00 2001
From: Thomas Calvet <calvet.thomas@gmail.com>
Date: Tue, 3 Dec 2019 18:42:58 +0100
Subject: [PATCH] [SecurityBundle] Properly escape regex in
 AddSessionDomainConstraintPass

---
 .../Compiler/AddSessionDomainConstraintPass.php                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php
index 27098f8b19..7fd323a5f2 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php
@@ -31,7 +31,7 @@ class AddSessionDomainConstraintPass implements CompilerPassInterface
         }
 
         $sessionOptions = $container->getParameter('session.storage.options');
-        $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
+        $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
         $domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp;
 
         $container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp));