[Security] fixed HttpUtils::checkRequestPath() to not catch all excep…

…tions (closes #2637)
symfony · Nov 14, 2011 · 0462a89 · 0462a89
1 parent 769a1e3
commit 0462a89
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
@@ -16,6 +16,8 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Routing\Exception\MethodNotAllowedException;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
 
 /**
  * Encapsulates the logic needed to create sub-requests, redirect the user, and match URLs.
@@ -108,7 +110,9 @@ public function checkRequestPath(Request $request, $path)
                 $parameters = $this->router->match($request->getPathInfo());
 
                 return $path === $parameters['_route'];
-            } catch (\Exception $e) {
+            } catch (MethodNotAllowedException $e) {
+                return false;
+            } catch (ResourceNotFoundException $e) {
                 return false;
             }
         }

diff --git a/tests/Symfony/Tests/Component/Security/Http/HttpUtilsTest.php b/tests/Symfony/Tests/Component/Security/Http/HttpUtilsTest.php
@@ -14,6 +14,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Http\HttpUtils;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
 
 class HttpUtilsTest extends \PHPUnit_Framework_TestCase
 {
@@ -91,7 +92,7 @@ public function testCheckRequestPath()
         $router
             ->expects($this->any())
             ->method('match')
-            ->will($this->returnValue(array()))
+            ->will($this->throwException(new ResourceNotFoundException()))
         ;
         $utils = new HttpUtils($router);
         $this->assertFalse($utils->checkRequestPath($this->getRequest(), 'foobar'));
@@ -106,6 +107,21 @@ public function testCheckRequestPath()
         $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo/bar'), 'foobar'));
     }
 
+    /**
+     * @expectedException \RuntimeException
+     */
+    public function testCheckRequestPathWithRouterLoadingException()
+    {
+        $router = $this->getMock('Symfony\Component\Routing\RouterInterface');
+        $router
+            ->expects($this->any())
+            ->method('match')
+            ->will($this->throwException(new \RuntimeException()))
+        ;
+        $utils = new HttpUtils($router);
+        $utils->checkRequestPath($this->getRequest(), 'foobar');
+    }
+
     private function getRouter()
     {
         $router = $this->getMock('Symfony\Component\Routing\RouterInterface');