
Commit 8d9328e

ossinkinenicolas-grekas
authored andcommitted
[Security] Fix false-string handling in RememberMeAuthenticator
1 parent 6791856 commit 8d9328e


2 files changed

+4
-1
lines changed

2 files changed

+4
-1
lines changed

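--- a/Authenticator/RememberMeAuthenticator.php
+++ b/Authenticator/RememberMeAuthenticator.php
@@ -70,7 +70,7 @@ public function supports(Request $request): ?bool
 return false;
 }
 
-if (!$request->cookies->has($this->cookieName)) {
+if (!$request->cookies->has($this->cookieName) || !\is_scalar($request->cookies->all()[$this->cookieName] ?: null)) {
 return false;
 }
 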
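Review bot: The new guard in `supports()` folds three separate rejections into one expression, and nothing on the line says which are intended: cookie missing, value falsy (`''` or `'0'`) through `?: null`, and value non-scalar (an array-valued cookie) through `\is_scalar`. The commit title names only the false-string case, so a short comment above the condition, such as `// An empty, '0' or array-valued cookie is treated as absent`, would keep a later cleanup from dropping either half. Reading the value through `cookies->all()` instead of `cookies->get()` also looks deliberate, presumably to avoid an exception on non-scalar input, and is worth stating in the same comment. The body of `supports()` starts and ends outside this hunk.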

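--- a/Tests/Authenticator/RememberMeAuthenticatorTest.php
+++ b/Tests/Authenticator/RememberMeAuthenticatorTest.php
@@ -61,6 +61,9 @@ public static function provideSupportsData()
 $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => 'rememberme']);
 $request->attributes->set(ResponseListener::COOKIE_ATTR_NAME, new Cookie('_remember_me_cookie', null));
 yield [$request, false];
+
+$request = Request::create('/', 'GET', [], ['_remember_me_cookie' => '0']);
+yield [$request, false];
 }
 
 public function testAuthenticate()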
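Review bot: The added data-provider case pins only the `'0'` cookie, while the guard it exercises also rejects an empty string and a non-scalar value. Those two branches can regress unnoticed unless they are already covered elsewhere in `provideSupportsData()`, which begins outside this hunk. Adding `$request = Request::create('/', 'GET', [], ['_remember_me_cookie' => ['rememberme']]);` followed by `yield [$request, false];`, and the same pair with `''` as the cookie value, would cover both. The array case matters most from a hardening standpoint, since cookie shape is fully client-controlled.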
