Security hardening - Rate limiter

2021-03-22 20:26:15 +01:00 · 2021-03-22 20:26:15 +01:00 · e61553af4b
commit e61553af4b
parent 7611d24e06
2 changed files with 2 additions and 2 deletions
--- a/src/Symfony/Component/RateLimiter/RateLimiterFactory.php
+++ b/src/Symfony/Component/RateLimiter/RateLimiterFactory.php
@ -46,7 +46,7 @@ final class RateLimiterFactory

    public function create(?string $key = null): LimiterInterface
    {
-        $id = $this->config['id'].$key;
+        $id = $this->config['id'].'-'.$key;
        $lock = $this->lockFactory ? $this->lockFactory->createLock($id) : new NoLock();

        switch ($this->config['policy']) {
--- a/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php
+++ b/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php
@ -41,7 +41,7 @@ final class DefaultLoginRateLimiter extends AbstractRequestRateLimiter
    {
        return [
            $this->globalFactory->create($request->getClientIp()),
-            $this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).$request->getClientIp()),
+            $this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).'-'.$request->getClientIp()),
        ];
    }
 }