Commit dd674c5

minor #14670 [Security] TokenBasedRememberMeServices test to show why encoding username is required (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14670).

Discussion
----------

[Security] TokenBasedRememberMeServices test to show why encoding username is required

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #14577
| License       | MIT
| Doc PR        | no

241538d shows that it's not actually tested, 257b796 reimplements it with test.

I can remove the POC commit if it's not needed.

Commits
-------

63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
2 parents 07a7592 + 6671cc5 commit dd674c5

1 file changed, +2 -0 lines changed

RememberMe/TokenBasedRememberMeServices.php

Lines changed: 2 additions & 0 deletions
@@ -123,6 +123,8 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
123123
*/
124124
protected function generateCookieValue($class, $username, $expires, $password)
125125
{
126+
// $username is encoded because it might contain COOKIE_DELIMITER,
127+
// we assume other values don't
126128
return $this->encodeCookie(array(
127129
$class,
128130
base64_encode($username),
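
Review bot: The new comment at the top of generateCookieValue records an assumption ("we assume other values don't") that nothing in the visible lines enforces. `$class` goes into the cookie parts unencoded, so if it ever contained COOKIE_DELIMITER the parts would no longer line up when the cookie is split again. Consider stating in the comment why each of the other parts cannot contain the delimiter, or rejecting a part that does before calling `encodeCookie`. Style: the two comment lines are joined by a comma splice; ending the first with a period or semicolon would read more clearly.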
