diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-01-07 15:31:37 +0100 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-01-07 15:31:37 +0100 |
| commit | 73461e3f87d84dd07792abbb7acfd7c1cd99aefd (patch) | |
| tree | a84f525bbec2a873256daf9e6acbc74a3e0a85ea | |
| parent | 177960dbfb60771cabbafff1fa570f981b509009 (diff) | |
| parent | dc446ba3c9a71c06fea50ff71c0459899c23e237 (diff) | |
| download | symfony-security-73461e3f87d84dd07792abbb7acfd7c1cd99aefd.zip symfony-security-73461e3f87d84dd07792abbb7acfd7c1cd99aefd.tar.gz symfony-security-73461e3f87d84dd07792abbb7acfd7c1cd99aefd.tar.bz2 | |
Merge branch '2.5' into 2.6v2.6.3
* 2.5:
bumped Symfony version to 2.5.10
updated VERSION for 2.5.9
updated CHANGELOG for 2.5.9
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
Removed unneeded version requirements
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
| -rw-r--r-- | Http/Session/SessionAuthenticationStrategy.php | 5 | ||||
| -rw-r--r-- | Http/Tests/Session/SessionAuthenticationStrategyTest.php | 17 |
2 files changed, 21 insertions, 1 deletions
diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php index dd258a0..ccfa6ba 100644 --- a/Http/Session/SessionAuthenticationStrategy.php +++ b/Http/Session/SessionAuthenticationStrategy.php @@ -47,7 +47,10 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte return; case self::MIGRATE: - $request->getSession()->migrate(true); + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See php bug #63379 + $destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); return; diff --git a/Http/Tests/Session/SessionAuthenticationStrategyTest.php b/Http/Tests/Session/SessionAuthenticationStrategyTest.php index a1f960f..4aef4b2 100644 --- a/Http/Tests/Session/SessionAuthenticationStrategyTest.php +++ b/Http/Tests/Session/SessionAuthenticationStrategyTest.php @@ -39,6 +39,10 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase public function testSessionIsMigrated() { + if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) { + $this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.'); + } + $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); $session->expects($this->once())->method('migrate')->with($this->equalTo(true)); @@ -46,6 +50,19 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase $strategy->onAuthentication($this->getRequest($session), $this->getToken()); } + public function testSessionIsMigratedWithPhp54Workaround() + { + if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) { + $this->markTestSkipped('This PHP version is not affected.'); + } + + $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); + $session->expects($this->once())->method('migrate')->with($this->equalTo(false)); + + $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE); + $strategy->onAuthentication($this->getRequest($session), $this->getToken()); + } + public function testSessionIsInvalidated() { $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); |