author | Fabien Potencier <fabien.potencier@gmail.com> | 2012-11-29 11:32:18 +0100 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2012-11-29 11:32:18 +0100 |
commit | a013559f5a1503699f0b62fa56963a663c8dffea (patch) | |
tree | 2ee9d0674de7aa01db1ffb2de4e501d4176d5dc3 /Http | |
parent | 242119cc88c85b45eae1dd2a190ffef20e5e7914 (diff) | |
parent | cc1f4e8659464d10fecd34f442c6509b76219010 (diff) | |
Merge branch '2.0' into 2.1v2.1.4
* 2.0:
[DependencyInjection] fixed composer.json
[Form] Updated checks for the ICU version from 4.5+ to 4.7+ due to test failures with ICU 4.6
fixed CS
small fix of #5984 when the container param is not set
fixed CS
Use better default ports in urlRedirectAction
Add tests for urlRedirectAction
Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
Update src/Symfony/Component/DomCrawler/Form.php
[Security] remove escape characters from username provided by Digest DigestAuthenticationListener
[Security] added test extra for digest authentication
fixed CS
[Security] Fixed digest authentication
[Security] Fixed digest authentication
[SecurityBundle] Convert Http method to uppercase in the config
Use Norm Data instead of Data
Conflicts:
src/Symfony/Bridge/Doctrine/Form/EventListener/MergeCollectionListener.php
src/Symfony/Bundle/FrameworkBundle/Controller/RedirectController.php
src/Symfony/Component/DependencyInjection/composer.json
Diffstat (limited to 'Http')
-rw-r--r-- | Http/Firewall/DigestAuthenticationListener.php | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php
index 5c529da..2bc4aa5 100644
--- a/Http/Firewall/DigestAuthenticationListener.php
+++ b/Http/Firewall/DigestAuthenticationListener.php
@@ -141,11 +141,12 @@ class DigestData
 public function __construct($header)
 {
 $this->header = $header;
- $parts = preg_split('/, /', $header);
+ preg_match_all('/(\w+)=("((?:[^"\\\\]|\\\\.)+)"|([^\s,$]+))/', $header, $matches, PREG_SET_ORDER);
 $this->elements = array();
- foreach ($parts as $part) {
- list($key, $value) = explode('=', $part);
- $this->elements[$key] = '"' === $value[0] ? substr($value, 1, -1) : $value;
+ foreach ($matches as $match) {
+ if (isset($match[1]) && isset($match[3])) {
+ $this->elements[$match[1]] = isset($match[4]) ? $match[4] : $match[3];
+ }
 }
 }
@@ -156,7 +157,7 @@ class DigestData
 public function getUsername()
 {
- return $this->elements['username'];
+ return strtr($this->elements['username'], array("\\\"" => "\"", "\\\\" => "\\"));
 }
 public function validateAndDecode($entryPointKey, $expectedRealm)
@@ -188,7 +189,7 @@ class DigestData
 $this->nonceExpiryTime = $nonceTokens[0];
 if (md5($this->nonceExpiryTime.':'.$entryPointKey) !== $nonceTokens[1]) {
- new BadCredentialsException(sprintf('Nonce token compromised "%s".', $nonceAsPlainText));
+ throw new BadCredentialsException(sprintf('Nonce token compromised "%s".', $nonceAsPlainText));
 }
 }
|
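Review bot: The return value of `preg_match_all()` in `__construct` is never checked, and the loop lets a repeated key silently overwrite an earlier one, so a malformed or duplicated-parameter header from the client produces a partially filled `$this->elements` without any error. I would treat a `false` or `0` result as a rejected header, and refuse a key that is already set with `if (isset($this->elements[$match[1]])) { ... }`. Whether to throw from the constructor or leave that to validateAndDecode depends on callers outside this hunk. Note also that `$` inside the class `[^\s,$]` is a literal dollar sign rather than an end anchor; if that is not intended, the class should be `[^\s,]`.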
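Review bot: `getUsername()` now returns an unescaped string that differs from the raw `$this->elements['username']`, and nothing in the hunk documents which of the two forms other code should use. A docblock should state that only `\"` and `\\` are unescaped, while the constructor's pattern accepts any `\\.` pair, and that the raw value stays in `$this->elements`. Code outside this hunk that hashes the username should be checked to confirm it uses the same form the client hashed. The method also indexes `'username'` without an `isset()` guard, so a header that omits it reaches `strtr()` with an undefined index.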
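Review bot: The nonce signature check on the `if (md5(...) !== $nonceTokens[1])` line compares a server-keyed hash with a client-supplied value using `!==`, which is not constant-time, and now that the failure really throws this comparison is the effective gate. Where the supported PHP version provides it, prefer `if (!hash_equals(md5($this->nonceExpiryTime.':'.$entryPointKey), $nonceTokens[1])) {`; moving from bare `md5()` to `hash_hmac()` would be stronger but has to change wherever the nonce is issued as well. The exception message embeds `$nonceAsPlainText`, which comes from the request, so it should be escaped or dropped wherever the message is logged or rendered. The body of validateAndDecode starts outside this hunk.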