[Security] Fix for "Call to a member function getBaseUrl() on null" when generating a logout URL and there is no current request #27175
Conversation
generating a logout URL and there is no current request
| @@ -111,6 +111,10 @@ private function generateLogoutUrl($key, $referenceType) | ||
|
|
||
| $request = $this->requestStack->getCurrentRequest(); | ||
|
|
||
| if (!$request) { |
There was a problem hiding this comment.
How can there be no request at this stage? Could you create a small example application that allows to reproduce?
There was a problem hiding this comment.
After $response = $kernel->handle($request); in the front-controller Symfony\Component\HttpKernel\HttpKernel::finishRequest is executed and pops the request from the requestStack. The requestStack is now empty.
Events and other code that is executed after $kernel->handle (like terminate events) will find the empty requestStack, which is correct, there is no request anymore (response is already send).
There was a problem hiding this comment.
That's right, but why is the data collector triggered at this stage at all? Collection data should happen earlier during the kernel.response event.
There was a problem hiding this comment.
Finally, I found the problem why the data collection is triggered.
During the kernel.terminate the thrown exception is caught and forwarded to Symfony\Component\HttpKernel\HttpKernel::handleException, just like other exceptions in other phases of the request lifecycle.
The Symfony\Component\HttpKernel\EventListener\ExceptionListener dispatches a kernel.exception event, this event is listened by Symfony\Component\HttpKernel\EventListener\ExceptionListener.
Symfony\Component\HttpKernel\EventListener\ExceptionListener will start a new sub-request, all the normal kernel events are dispatched including kernel.response.
At this moment the data collection is triggered, Symfony\Component\HttpKernel\EventListener\ProfilerListener listens to the kernel.response event and starts the collection.
There was a problem hiding this comment.
When the subrequest is handled, it will be pushed onto the stack which therefore shouldn't be empty. So I still think we should first look into an example application that allows to reproduce the issue and see if there isn't another root cause.
There was a problem hiding this comment.
@maartendekeizer would you be able to provide a reproducer we could play with to see how this can arise?
There was a problem hiding this comment.
I can only reproduce it on IIS 10, used PHP 7.1.5 and PHP 7.1.18. Theire is no issue when I use Apache2 with PHP 7.1.18 or Nginx with PHP 7.1.18.
https://github.com/maartendekeizer/symfony-demo-for-27175
After checkout and run composer install, visit the page /secure, login with the button. Change src/EventListener/TestWithFailureSubscriber.php
- //$a->doSomeThing(); // uncomment this line to create an error
+ $a->doSomeThing(); // uncomment this line to create an error
Refresh the /secure page
There was a problem hiding this comment.
I cannot reproduce this behaviour with the built-in web server neither. Can you try to debug where the actual difference is when using IIS?
|
Can you extract the stack trace of the failure so we can see where things go possibly wrong? |
|
I add the following to LogoutUrlGenerator |
|
@maartendekeizer I am going to close here as I am convinced that this is not the right solution to your problem. If you manage to debug where there is the behaviour difference between Nginx/the built-in web server and IIS, please provide more details in #27174 and I happily take a look at it. Thank you for understanding. |
Adds a check if the request exists.