
Commit e306ec0

committed
Validate that _firewall_context attribute is in the map keys
1 parent 608415a commit e306ec0


2 files changed

+29
-2
lines changed


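--- a/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php
+++ b/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php
@@ -11,7 +11,8 @@
 
 namespace Symfony\Bundle\SecurityBundle\Security;
 
-use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
+use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\FirewallContext
 use Symfony\Component\Security\Http\FirewallMapInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -68,7 +69,14 @@ public function getFirewallConfig(Request $request)
 private function getFirewallContext(Request $request)
 {
 if ($request->attributes->has('_firewall_context')) {
-return $this->container->get($request->attributes->get('_firewall_context'));
+$storedContextId = $request->attributes->get('_firewall_context');
+foreach ($this->map as $contextId => $requestMatcher) {
+if ($contextId === $storedContextId) {
+return $this->container->get($contextId);
+}
+}
+
+$request->attributes->remove('_firewall_context');
 }
 
 foreach ($this->map as $contextId => $requestMatcher) {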
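Review bot: The import block in the first hunk will not load as shown: new line 15, `use Symfony\Bundle\SecurityBundle\Security\FirewallContext`, has no terminating `;`, and new line 14 adds `Psr\Container\ContainerInterface` while line 18 still imports `Symfony\Component\DependencyInjection\ContainerInterface`, which PHP rejects because the short name is already in use. Restore the semicolon and keep only one of the two `ContainerInterface` imports, whichever the constructor's type hint (outside this view) expects. In getFirewallContext(), whose body continues past the hunk, I would also add a comment above the new loop such as `// _firewall_context is a request attribute and may have been set outside this map; only ids that are keys of $this->map may be passed to the container.` so the check is not later simplified back to a direct `get()` on the stored value.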

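--- a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php
@@ -20,6 +20,8 @@
 
 class FirewallMapTest extends TestCase
 {
+const ATTRIBUTE_FIREWALL_CONTEXT = '_firewall_context';
+
 public function testGetListenersWithEmptyMap()
 {
 $request = new Request();
@@ -31,8 +33,24 @@ public function testGetListenersWithEmptyMap()
 $firewallMap = new FirewallMap($container, $map);
 
 $this->assertEquals(array(array(), null), $firewallMap->getListeners($request));
+$this->assertNull($firewallMap->getFirewallConfig($request));
+$this->assertFalse($request->attributes->has(self::ATTRIBUTE_FIREWALL_CONTEXT));
+}
 
+public function testGetListenersWithInvalidParameter()
+{
+$request = new Request();
+$request->attributes->set(self::ATTRIBUTE_FIREWALL_CONTEXT, 'foo');
+
+$map = array();
+$container = $this->getMockBuilder(Container::class)->getMock();
+$container->expects($this->never())->method('get');
+
+$firewallMap = new FirewallMap($container, $map);
+
+$this->assertEquals(array(array(), null), $firewallMap->getListeners($request));
 $this->assertNull($firewallMap->getFirewallConfig($request));
+$this->assertFalse($request->attributes->has(self::ATTRIBUTE_FIREWALL_CONTEXT));
 }
 
 public function testGetListeners()
@@ -57,5 +75,6 @@ public function testGetListeners()
 
 $this->assertEquals(array('LISTENERS', 'EXCEPTION LISTENER'), $firewallMap->getListeners($request));
 $this->assertEquals('CONFIG', $firewallMap->getFirewallConfig($request));
+$this->assertEquals('security.firewall.map.context.foo', $request->attributes->get(self::ATTRIBUTE_FIREWALL_CONTEXT));
 }
 }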
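Review bot: testGetListenersWithInvalidParameter() only exercises the rejection with `$map = array()`, so the new loop in getFirewallContext() never iterates and the `$contextId === $storedContextId` comparison is never evaluated against a populated map. The case the validation exists for is a non-empty map combined with a `_firewall_context` value that is not one of its keys. I would add a test that reuses the setup of testGetListeners() (its body starts outside this hunk) with `$request->attributes->set(self::ATTRIBUTE_FIREWALL_CONTEXT, 'foo');` before the call, and constrain the mock so the container is asked only for the mapped id, e.g. `->method('get')->with('security.firewall.map.context.foo')`. The assertion added at new line 78 should then also show the unknown value being replaced by the matched context id.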
