diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
forked from https://github.com/symfony/symfony
This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
49,144 Commits 24 Branches 563 Tags 228 MiB
PHP 98.7%
Twig 1.1%
CSS 0.1%
e5b5d9ea14
Go to file
Fabien Potencier e5b5d9ea14 bug #37031 [Security] Fixed PUBLIC_ACCESS in authenticated sessions (wouterj) 
This PR was merged into the 5.1 branch.

Discussion
----------

[Security] Fixed PUBLIC_ACCESS in authenticated sessions

| Q             | A
| ------------- | ---
| Branch?       | 5.1
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

Found while testing https://github.com/scheb/2fa/pull/8, sorry for not spotting it before the stable release 😞

Currently, authenticated users are denied access for pages that have `PUBLIC_ACCESS` set, as this attribute is only checked when no token was set. It should be checked for both cases.

Commits
-------

0ac530f460 Also check PUBLIC_ACCESS for authenticated tokens
2020-06-01 07:24:47 +02:00
.github Merge branch '5.0' into 5.1 2020-05-25 14:33:44 +02:00
src/Symfony bug #37031 [Security] Fixed PUBLIC_ACCESS in authenticated sessions (wouterj) 2020-06-01 07:24:47 +02:00
.appveyor.yml Merge branch '5.0' 2020-04-12 11:49:11 +02:00
.editorconfig Update .editorconfig 2018-09-06 16:22:56 +02:00
.gitignore Run the phpunit-bridge from a PR 2019-08-02 17:46:19 +02:00
.php_cs.dist Merge branch '4.4' 2019-11-05 18:15:52 +01:00
.travis.yml Merge branch '5.0' into 5.1 2020-05-30 22:35:19 +02:00
CHANGELOG-4.0.md Merge branch '3.4' into 4.1 2018-08-01 18:22:14 +02:00
CHANGELOG-4.1.md updated CHANGELOG for 4.1.10 2019-01-06 17:16:07 +01:00
CHANGELOG-4.2.md updated CHANGELOG for 4.2.10 2019-06-26 16:19:37 +02:00
CHANGELOG-4.3.md updated CHANGELOG for 4.3.10 2020-01-21 14:13:32 +01:00
CHANGELOG-4.4.md updated CHANGELOG for 4.4.8 2020-04-28 20:47:32 +02:00
CHANGELOG-5.0.md Merge branch '5.0' 2020-05-04 16:13:31 +02:00
CHANGELOG-5.1.md updated CHANGELOG for 5.1.0 2020-05-31 08:14:11 +02:00
CODE_OF_CONDUCT.md Added the Code of Conduct file 2018-10-10 03:13:30 -07:00
composer.json Merge branch '4.4' into 5.0 2020-05-23 14:58:59 +02:00
CONTRIBUTING.md Mention the community review guide 2016-12-18 22:02:35 +01:00
CONTRIBUTORS.md update CONTRIBUTORS for 3.4.40 2020-04-28 19:41:24 +02:00
LICENSE Update year in license files 2020-01-01 12:03:25 +01:00
link Add new packages on the link script 2020-03-04 17:45:35 +01:00
phpunit Remove patches for Doctrine bugs and deprecations 2020-05-08 11:45:13 +02:00
phpunit.xml.dist [Uid] minor improvements 2020-03-20 20:42:05 +01:00
README.md Improve Symfony description 2019-11-24 19:17:45 +01:00
UPGRADE-5.0.md Remove UPGRADE files for 4.x 2020-04-12 15:08:12 +02:00
UPGRADE-5.1.md Added deprecation for RememberMe services without logout() method 2020-05-16 13:05:23 +02:00
UPGRADE-6.0.md Added deprecation for RememberMe services without logout() method 2020-05-16 13:05:23 +02:00

README.md

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).

Installation

Documentation

Community

Contributing

Symfony is an Open Source, community-driven project with thousands of contributors. Join them contributing code or contributing documentation.

Security Issues

If you discover a security vulnerability within Symfony, please follow our disclosure procedure.

About Us

Symfony development is sponsored by SensioLabs, led by the Symfony Core Team and supported by Symfony contributors.