diff options
| author | Vincent Simonin <vincent.simonin@stockway.pro> | 2012-09-17 17:24:25 +0200 |
|---|---|---|
| committer | Sebastiaan Stok <s.stok@rollerscapes.net> | 2012-11-15 16:42:02 +0100 |
| commit | 66b591b312f9073b7e0d20eaf38ab3d48653043c (patch) | |
| tree | d716c9695886f25c0f1ac2fd61894444758cfd7e /Http | |
| parent | 4ca21e13afc5abe62fc0e72f89b25c250b1036b3 (diff) | |
| download | symfony-security-66b591b312f9073b7e0d20eaf38ab3d48653043c.zip symfony-security-66b591b312f9073b7e0d20eaf38ab3d48653043c.tar.gz symfony-security-66b591b312f9073b7e0d20eaf38ab3d48653043c.tar.bz2 | |
[Security] Fixed digest authentication
Digest authentication fail if digest parameters contains `=` character or `, ` string.
* Support escaped characters
Diffstat (limited to 'Http')
| -rw-r--r-- | Http/Firewall/DigestAuthenticationListener.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php index 8567a00..b679f4d 100644 --- a/Http/Firewall/DigestAuthenticationListener.php +++ b/Http/Firewall/DigestAuthenticationListener.php @@ -141,7 +141,7 @@ class DigestData public function __construct($header) { $this->header = $header; - preg_match_all('/(\w+)=("([^"]+)"|([^\s,$]+))/', $header, $matches, PREG_SET_ORDER); + preg_match_all('/(\w+)=("((?:[^"\\\\]|\\\\.)+)"|([^\s,$]+))/', $header, $matches, PREG_SET_ORDER); $this->elements = array(); foreach ($matches as $match) { if (isset($match[1]) && isset($match[3])) { |