diff options
| author | Henrik Bjørnskov <henrik@bjrnskov.dk> | 2012-06-09 13:28:23 +0200 |
|---|---|---|
| committer | Henrik Bjørnskov <henrik@bjrnskov.dk> | 2012-06-09 16:16:43 +0200 |
| commit | 0d0202e9af2e2530467dcbe716cf8e8e50df1ef3 (patch) | |
| tree | b1dfe3a8d99265b4d2cae054eebe6351cd9c5100 | |
| parent | 02d2a6142ad1ab2e5f45bbf44263185da9b31d07 (diff) | |
| download | symfony-security-0d0202e9af2e2530467dcbe716cf8e8e50df1ef3.zip symfony-security-0d0202e9af2e2530467dcbe716cf8e8e50df1ef3.tar.gz symfony-security-0d0202e9af2e2530467dcbe716cf8e8e50df1ef3.tar.bz2 | |
[Security] Check post_only option and request method
| -rw-r--r-- | Http/Firewall/UsernamePasswordFormAuthenticationListener.php | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index bd2cec1..4bcb785 100644 --- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -51,6 +51,18 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL } /** + * @{inheritdoc} + */ + protected function requiresAuthentication(Request $request) + { + if ($this->options['post_only'] && !$request->isMethod('post')) { + return false; + } + + return parent::requiresAuthentication($request); + } + + /** * {@inheritdoc} */ protected function attemptAuthentication(Request $request) |