[Security] Fix for "Call to a member function getBaseUrl() on null" when generating a logout URL and there is no current request #27175
Conversation
@@ -111,6 +111,10 @@ private function generateLogoutUrl($key, $referenceType) | ||
$request = $this->requestStack->getCurrentRequest(); | ||
if (!$request) { |
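Review bot: the hunk shows only the opening line of the guard, so what `generateLogoutUrl()` does when `getCurrentRequest()` returns null is not visible here; since the method is expected to return a URL, that branch should throw a descriptive exception (for example a `LogicException` saying a logout URL cannot be generated outside a request scope) rather than return an empty string or null, so a caller that runs after `HttpKernel::finishRequest()` has popped the request fails loudly instead of silently emitting a broken URL. The condition deserves a short docblock note explaining when the stack can be empty.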
How can there be no request at this stage? Could you create a small example application that allows reproducing it?
After `$response = $kernel->handle($request);` in the front controller, `Symfony\Component\HttpKernel\HttpKernel::finishRequest` is executed and pops the request from the requestStack. The requestStack is now empty.
Events and other code that is executed after `$kernel->handle` (like terminate events) will find the empty requestStack, which is correct: there is no request anymore (the response is already sent).
That's right, but why is the data collector triggered at this stage at all? Collecting data should happen earlier, during the `kernel.response` event.
Finally, I found why the data collection is triggered.
During `kernel.terminate` the thrown exception is caught and forwarded to `Symfony\Component\HttpKernel\HttpKernel::handleException`, just like other exceptions in other phases of the request lifecycle. The `Symfony\Component\HttpKernel\EventListener\ExceptionListener` dispatches a `kernel.exception` event; this event is listened to by `Symfony\Component\HttpKernel\EventListener\ExceptionListener`.
`Symfony\Component\HttpKernel\EventListener\ExceptionListener` will start a new sub-request, and all the normal kernel events are dispatched, including `kernel.response`.
At this moment the data collection is triggered: `Symfony\Component\HttpKernel\EventListener\ProfilerListener` listens to the `kernel.response` event and starts the collection.
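The lifecycle described in the two comments above, as an added example that is not Symfony's code or part of this PR: `Request`, `RequestStack` and `LogoutUrlGenerator` are simplified stand-ins for the Symfony classes of the same name, and `unguarded()`/`guarded()` are hypothetical names for the generator before and after a null-request check.

```php
<?php
// Added example, not Symfony's code: a minimal model of the request-stack
// lifecycle. Request, RequestStack and LogoutUrlGenerator are simplified
// stand-ins for the Symfony classes of the same name.
declare(strict_types=1);

final class Request {
    public function getBaseUrl(): string { return '/app'; }
}

final class RequestStack {
    private array $requests = [];
    public function push(Request $r): void { $this->requests[] = $r; }
    public function pop(): ?Request { return array_pop($this->requests); }
    public function getCurrentRequest(): ?Request { return end($this->requests) ?: null; }
}

final class LogoutUrlGenerator {
    public function __construct(private RequestStack $stack) {}

    // Unguarded: triggers "Call to a member function getBaseUrl() on null" once the
    // stack is empty, e.g. when called from a kernel.terminate listener.
    public function unguarded(string $path): string {
        return $this->stack->getCurrentRequest()->getBaseUrl() . $path;
    }

    // Guarded: fail early with an explicit, actionable message instead.
    public function guarded(string $path): string {
        $request = $this->stack->getCurrentRequest();
        if (null === $request) {
            throw new LogicException('Cannot generate a logout URL outside of a request scope.');
        }
        return $request->getBaseUrl() . $path;
    }
}

$stack = new RequestStack();
$gen = new LogoutUrlGenerator($stack);
$stack->push(new Request());          // $kernel->handle($request) begins
echo $gen->guarded('/logout'), "\n";  // works while a request is on the stack
$stack->pop();                        // HttpKernel::finishRequest() pops it

foreach (['unguarded', 'guarded'] as $method) {     // terminate phase: stack is empty
    try {
        $gen->$method('/logout');
    } catch (Throwable $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
```

Running it shows the unguarded call dying with the PHP `Error` from the PR title, while the guarded call raises a `LogicException` that names the actual problem.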
When the subrequest is handled, it will be pushed onto the stack which therefore shouldn't be empty. So I still think we should first look into an example application that allows to reproduce the issue and see if there isn't another root cause.
@maartendekeizer would you be able to provide a reproducer we could play with to see how this can arise?
I can only reproduce it on IIS 10, using PHP 7.1.5 and PHP 7.1.18. There is no issue when I use Apache2 with PHP 7.1.18 or Nginx with PHP 7.1.18.
https://github.com/maartendekeizer/symfony-demo-for-27175
After checkout and running `composer install`, visit the page /secure and log in with the button. Change src/EventListener/TestWithFailureSubscriber.php:
- //$a->doSomeThing(); // uncomment this line to create an error
+ $a->doSomeThing(); // uncomment this line to create an error
Refresh the /secure page.
I cannot reproduce this behaviour with the built-in web server either. Can you try to debug where the actual difference is when using IIS?
It should target the 2.7 branch, as it seems to me it is the lowest branch where this issue is likely to happen.
Can you extract the stack trace of the failure so we can see where things possibly go wrong?
I added the following to LogoutUrlGenerator:
@maartendekeizer I am going to close here as I am convinced that this is not the right solution to your problem. If you manage to debug where the behaviour difference between Nginx/the built-in web server and IIS is, please provide more details in #27174 and I will happily take a look at it. Thank you for understanding.
Adds a check for whether the request exists.