author | Johannes Schmitt <schmittjoh@gmail.com> | 2011-02-14 18:06:20 +0100 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2011-02-14 20:55:06 +0100 |
commit | d3fb2712958c7221ffcc237cf820aa7a3184dd0c (patch) | |
tree | 0b3723a87a0b298adbc9cc2a803d06212885e79e /Http/Firewall | |
parent | 1accc593337aeaf814c203165e5b50521a9a3d22 (diff) | |
[Security] fixes a bug where authentication errors might have leaked confidential information
Diffstat (limited to 'Http/Firewall')
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index a79e63b..46dbf6d 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -12,7 +12,6 @@ namespace Symfony\Component\Security\Http\Firewall;
 use Symfony\Component\EventDispatcher\Event;
-use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
@@ -173,7 +172,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 return $this->options['check_path'] === $request->getPathInfo();
 }
-protected function onFailure($event, Request $request, \Exception $failed)
+protected function onFailure($event, Request $request, AuthenticationException $failed)
 {
 if (null !== $this->logger) {
 $this->logger->debug(sprintf('Authentication request failed: %s', $failed->getMessage()));
@@ -195,7 +194,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 }
 $subRequest = Request::create($this->options['failure_path']);
-$subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed->getMessage());
+$subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
 return $event->getSubject()->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
 } else {
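Review bot: The new onFailure() signature narrows the third parameter to `AuthenticationException`, but no `use` line for that class is added anywhere in this diff — the import hunk at @@ -12 only removes one. Unless an import already exists above line 12 (outside this view), the hint resolves relative to the Firewall namespace and every authentication failure becomes a fatal error instead of reaching the failure page. Narrowing from `\Exception` also means a caller that still forwards a non-authentication exception now fails the type check; the call site is outside the hunk and should be confirmed. The body of onFailure() continues past the end of this hunk.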
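Review bot: Storing the `$failed` object itself under AUTHENTICATION_ERROR — in the sub-request attributes here and in the session in the following hunk (@@ -203) — moves the leak rather than closing it. A PHP exception serializes with its stack trace, whose frame arguments can carry the token and the submitted credentials, so the session store now persists what the message used to expose, and any consumer that still echoes the attribute now gets `Exception::__toString()`, i.e. message, file path and full trace. Prefer persisting a minimal, serializable representation, e.g. `$subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, get_class($failed));` (or a message key), and update the readers of AUTHENTICATION_ERROR in the same change since they previously received a string. The enclosing onFailure() method starts before this hunk.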
@@ -203,7 +202,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 $this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path']));
 }
-$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed->getMessage());
+$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
 $response = new Response();
 $response->setRedirect(0 !== strpos($this->options['failure_path'], 'http') ? $request->getUriForPath($this->options['failure_path']) : $this->options['failure_path'], 302); |