diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-05-21 06:28:27 +0200 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-05-21 06:28:27 +0200 |
| commit | a3fffdc56ce7a29745d3dea4800058de1a4edd84 (patch) | |
| tree | af7292249208a220c30f0ee8cacd8ddf989085ae /Core/Authentication | |
| parent | a9a1d5007c7157828e2f833964e7c54fd0b779a6 (diff) | |
| parent | 51f245f2684a0a819dcaff815f401494e63a582d (diff) | |
| download | symfony-security-a3fffdc56ce7a29745d3dea4800058de1a4edd84.zip symfony-security-a3fffdc56ce7a29745d3dea4800058de1a4edd84.tar.gz symfony-security-a3fffdc56ce7a29745d3dea4800058de1a4edd84.tar.bz2 | |
bug #14678 [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
Diffstat (limited to 'Core/Authentication')
0 files changed, 0 insertions, 0 deletions