bug symfony#24101 [Security] Fix exception when use_referer option is true and referer is not set or empty (linniksa)

fabpot · fabpot · commit b6a29a28db4b · 2017-09-07T07:52:52.000-07:00
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes symfony#24101). Discussion ---------- [Security] Fix exception when use_referer option is true and referer is not set or empty | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | License | MIT Commits ------- a29e069 [Security] Fix exception when use_referer option is true and referer is not set or empty
diff --git a/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php b/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
@@ -118,12 +118,11 @@ protected function determineTargetUrl(Request $request)
             return $targetUrl;
         }
 
-        if ($this->options['use_referer']) {
-            $targetUrl = $request->headers->get('Referer');
+        if ($this->options['use_referer'] && $targetUrl = $request->headers->get('Referer')) {
             if (false !== $pos = strpos($targetUrl, '?')) {
                 $targetUrl = substr($targetUrl, 0, $pos);
             }
-            if ($targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
+            if ($targetUrl && $targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
                 return $targetUrl;
             }
         }
diff --git a/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
@@ -83,6 +83,16 @@ public function getRequestRedirections()
                 array(),
                 '/',
             ),
+            'target path as referer when referer not set' => array(
+                Request::create('/'),
+                array('use_referer' => true),
+                '/',
+            ),
+            'target path as referer when referer is ?' => array(
+                Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => '?')),
+                array('use_referer' => true),
+                '/',
+            ),
             'target path should be different than login URL' => array(
                 Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/login')),
                 array('use_referer' => true, 'login_path' => '/login'),

Original file line number	Diff line number	Diff line change
`@@ -118,12 +118,11 @@ protected function determineTargetUrl(Request $request)`
`118`	`118`	`return $targetUrl;`
`119`	`119`	`}`
`120`	`120`
`121`		`- if ($this->options['use_referer']) {`
`122`		`- $targetUrl = $request->headers->get('Referer');`
	`121`	`+ if ($this->options['use_referer'] && $targetUrl = $request->headers->get('Referer')) {`
`123`	`122`	`if (false !== $pos = strpos($targetUrl, '?')) {`
`124`	`123`	`$targetUrl = substr($targetUrl, 0, $pos);`
`125`	`124`	`}`
`126`		`- if ($targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {`
	`125`	`+ if ($targetUrl && $targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {`
`127`	`126`	`return $targetUrl;`
`128`	`127`	`}`
`129`	`128`	`}`