Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit a2ebbe0

Browse filesBrowse files
lyrixxnicolas-grekas
lyrixx
authored and
nicolas-grekas
committed
[HttpKernel] Ensure HttpCache::getTraceKey() does not throw exception
1 parent b815547 commit a2ebbe0
Copy full SHA for a2ebbe0

File tree

2 files changed

+17
-1
lines changed
Filter options

2 files changed

+17
-1
lines changed

‎src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
+6-1Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717

1818
namespace Symfony\Component\HttpKernel\HttpCache;
1919

20+
use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
2021
use Symfony\Component\HttpFoundation\Request;
2122
use Symfony\Component\HttpFoundation\Response;
2223
use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -715,7 +716,11 @@ private function getTraceKey(Request $request): string
715716
$path .= '?'.$qs;
716717
}
717718

718-
return $request->getMethod().' '.$path;
719+
try {
720+
return $request->getMethod().' '.$path;
721+
} catch (SuspiciousOperationException $e) {
722+
return '_BAD_METHOD_ '.$path;
723+
}
719724
}
720725

721726
/**

‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
+11Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,17 @@ public function testPassesOnNonGetHeadRequests()
6161
$this->assertFalse($this->response->headers->has('Age'));
6262
}
6363

64+
public function testPassesSuspiciousMethodRequests()
65+
{
66+
$this->setNextResponse(200);
67+
$this->request('POST', '/', ['HTTP_X-HTTP-Method-Override' => '__CONSTRUCT']);
68+
$this->assertHttpKernelIsCalled();
69+
$this->assertResponseOk();
70+
$this->assertTraceNotContains('stale');
71+
$this->assertTraceNotContains('invalid');
72+
$this->assertFalse($this->response->headers->has('Age'));
73+
}
74+
6475
public function testInvalidatesOnPostPutDeleteRequests()
6576
{
6677
foreach (['post', 'put', 'delete'] as $method) {

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.