diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-05-22 16:54:25 +0200 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-05-22 16:54:25 +0200 |
| commit | c0dd66dc286407d3e46528f02ad7a82158e3eef4 (patch) | |
| tree | c79c811bd53b15be50d6bc5c4a7796941f3820fb /Http/RememberMe/AbstractRememberMeServices.php | |
| parent | 432e908e87ee22f69eb079394d3ef8b2d6d62773 (diff) | |
| parent | c1c3818ea43fa8149223a4b55d694327d226e27b (diff) | |
| download | symfony-security-c0dd66dc286407d3e46528f02ad7a82158e3eef4.zip symfony-security-c0dd66dc286407d3e46528f02ad7a82158e3eef4.tar.gz symfony-security-c0dd66dc286407d3e46528f02ad7a82158e3eef4.tar.bz2 | |
Merge branch '2.6' into 2.7v2.7.0
* 2.6: (30 commits)
[Translation] fixed JSON loader on PHP 7 when file is empty
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
fixed typo
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
[2.6] Fix HTML escaping of to-source links
Fix HTML escaping of to-source links
ExceptionHandler: More Encoding
Fix the rendering of deprecation log messages
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
Fixed the indentation in the compiled template for the DumpNode
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/Debug/ExceptionHandler.php
Diffstat (limited to 'Http/RememberMe/AbstractRememberMeServices.php')
| -rw-r--r-- | Http/RememberMe/AbstractRememberMeServices.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php index 3ac584a..5df82fa 100644 --- a/Http/RememberMe/AbstractRememberMeServices.php +++ b/Http/RememberMe/AbstractRememberMeServices.php @@ -268,9 +268,17 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface * @param array $cookieParts * * @return string + * + * @throws \InvalidArgumentException When $cookieParts contain the cookie delimiter. Extending class should either remove or escape it. */ protected function encodeCookie(array $cookieParts) { + foreach ($cookieParts as $cookiePart) { + if (false !== strpos($cookiePart, self::COOKIE_DELIMITER)) { + throw new \InvalidArgumentException(sprintf('$cookieParts should not contain the cookie delimiter "%s"', self::COOKIE_DELIMITER)); + } + } + return base64_encode(implode(self::COOKIE_DELIMITER, $cookieParts)); } |