From 0462a895620bee27053c7b2444f7a31fed69db9b Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Mon, 14 Nov 2011 13:10:32 +0100
Subject: [PATCH] [Security] fixed HttpUtils::checkRequestPath() to not catch all exceptions (closes #2637)
---
 .../Component/Security/Http/HttpUtils.php | 6 +++++-
 .../Component/Security/Http/HttpUtilsTest.php | 18 +++++++++++++++++-
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
index 78d65c56b009..cac130ed9712 100644
--- a/src/Symfony/Component/Security/Http/HttpUtils.php
+++ b/src/Symfony/Component/Security/Http/HttpUtils.php
@@ -16,6 +16,8 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Routing\Exception\MethodNotAllowedException;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
 /**
 * Encapsulates the logic needed to create sub-requests, redirect the user, and match URLs.
@@ -108,7 +110,9 @@ public function checkRequestPath(Request $request, $path)
 $parameters = $this->router->match($request->getPathInfo());
 return $path === $parameters['_route'];
- } catch (\Exception $e) {
+ } catch (MethodNotAllowedException $e) {
+ return false;
+ } catch (ResourceNotFoundException $e) {
 return false;
 }
 }
diff --git a/tests/Symfony/Tests/Component/Security/Http/HttpUtilsTest.php b/tests/Symfony/Tests/Component/Security/Http/HttpUtilsTest.php
index 4bea58e8e2bb..201a1cae687c 100644
--- a/tests/Symfony/Tests/Component/Security/Http/HttpUtilsTest.php
+++ b/tests/Symfony/Tests/Component/Security/Http/HttpUtilsTest.php
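Review bot: With the catch-all gone, `return $path === $parameters['_route'];` in the `@@ -108,7 +110,9 @@` hunk of HttpUtils.php reads an array key that nothing on the visible lines guarantees is present. The test in this same commit used to stub `match()` with `array()` and had to be switched to throwing, which suggests a router result without `_route` now surfaces as an undefined-index notice (or an exception where notices are converted) rather than a plain `false`. Since this comparison is part of the security component's path matching, I would make the miss explicit: `return isset($parameters['_route']) && $path === $parameters['_route'];`. A short comment above the two catch blocks, such as `// only routing misses mean "not this path"; router loading errors must propagate`, would also keep a later edit from widening the catch again. The enclosing method and its `try` start outside the hunk.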
@@ -14,6 +14,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Http\HttpUtils;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
 class HttpUtilsTest extends \PHPUnit_Framework_TestCase
 {
@@ -91,7 +92,7 @@ public function testCheckRequestPath()
 $router
 ->expects($this->any())
 ->method('match')
- ->will($this->returnValue(array()))
+ ->will($this->throwException(new ResourceNotFoundException()))
 ;
 $utils = new HttpUtils($router);
 $this->assertFalse($utils->checkRequestPath($this->getRequest(), 'foobar'));
@@ -106,6 +107,21 @@ public function testCheckRequestPath()
 $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo/bar'), 'foobar'));
 }
+ /**
+ * @expectedException \RuntimeException
+ */
+ public function testCheckRequestPathWithRouterLoadingException()
+ {
+ $router = $this->getMock('Symfony\Component\Routing\RouterInterface');
+ $router
+ ->expects($this->any())
+ ->method('match')
+ ->will($this->throwException(new \RuntimeException()))
+ ;
+ $utils = new HttpUtils($router);
+ $utils->checkRequestPath($this->getRequest(), 'foobar');
+ }
+
 private function getRouter()
 {
 $router = $this->getMock('Symfony\Component\Routing\RouterInterface');
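Review bot: Only one of the two exception types the fix still catches is exercised: the `@@ -91,7 +92,7 @@` hunk stubs `match()` with `ResourceNotFoundException`, but no test throws `MethodNotAllowedException`. I would add a second router mock in `testCheckRequestPath()` with `->will($this->throwException(new MethodNotAllowedException(array())))` and the same `assertFalse(...)` call, plus the matching `use` line, so the disallowed-method case is pinned to `false` rather than left to surface as an uncaught exception if the catch list is edited later. The new `testCheckRequestPathWithRouterLoadingException()` already covers the propagation side. `testCheckRequestPath()` begins outside the hunk, so an equivalent case may exist in lines not shown here.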