[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
This commit is contained in:
parent
3b42ca9ae0
commit
de03cee846
@ -31,7 +31,7 @@ class AddSessionDomainConstraintPass implements CompilerPassInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
$sessionOptions = $container->getParameter('session.storage.options');
|
$sessionOptions = $container->getParameter('session.storage.options');
|
||||||
$domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
|
$domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
|
||||||
$domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp;
|
$domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp;
|
||||||
|
|
||||||
$container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp));
|
$container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp));
|
||||||
|
Reference in New Issue
Block a user