Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 28ae62d

Browse filesBrowse files
bobvandevijverfabpot
bobvandevijver
authored and
fabpot
committed
[Security] Fix str_contains type mismatch in ChannelListener
1 parent 11e76c9 commit 28ae62d
Copy full SHA for 28ae62d

File tree

Expand file treeCollapse file tree

2 files changed

+28
-1
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+28
-1
lines changed

‎src/Symfony/Component/Security/Http/Firewall/ChannelListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ public function supports(Request $request): ?bool
5151
if (null !== $this->logger) {
5252
if ('https' === $request->headers->get('X-Forwarded-Proto')) {
5353
$this->logger->info('Redirecting to HTTPS. ("X-Forwarded-Proto" header is set to "https" - did you set "trusted_proxies" correctly?)');
54-
} elseif (str_contains($request->headers->get('Forwarded'), 'proto=https')) {
54+
} elseif (str_contains($request->headers->get('Forwarded', ''), 'proto=https')) {
5555
$this->logger->info('Redirecting to HTTPS. ("Forwarded" header is set to "proto=https" - did you set "trusted_proxies" correctly?)');
5656
} else {
5757
$this->logger->info('Redirecting to HTTPS.');

‎src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php
+27Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@
1212
namespace Symfony\Component\Security\Http\Tests\Firewall;
1313

1414
use PHPUnit\Framework\TestCase;
15+
use Psr\Log\NullLogger;
16+
use Symfony\Component\HttpFoundation\HeaderBag;
1517
use Symfony\Component\HttpFoundation\Request;
1618
use Symfony\Component\HttpFoundation\Response;
1719
use Symfony\Component\HttpKernel\Event\RequestEvent;
@@ -153,4 +155,29 @@ public function testHandleWithSecuredRequestAndHttpChannel()
153155

154156
$this->assertSame($response, $event->getResponse());
155157
}
158+
159+
public function testSupportsWithoutHeaders()
160+
{
161+
$request = $this->createMock(Request::class);
162+
$request
163+
->expects($this->any())
164+
->method('isSecure')
165+
->willReturn(false)
166+
;
167+
$request->headers = new HeaderBag();
168+
169+
$accessMap = $this->createMock(AccessMapInterface::class);
170+
$accessMap
171+
->expects($this->any())
172+
->method('getPatterns')
173+
->with($this->equalTo($request))
174+
->willReturn([[], 'https'])
175+
;
176+
177+
$entryPoint = $this->createMock(AuthenticationEntryPointInterface::class);
178+
179+
$listener = new ChannelListener($accessMap, $entryPoint, new NullLogger());
180+
181+
$this->assertTrue($listener->supports($request));
182+
}
156183
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.