[Security] LogoutListener should not invoke handlers' logout() method…

… if token is empty If a user was not authenticated and visited the logout path, a null value was passed to the handler's logout() method, resulting in a catchable fatal error.
symfony · Dec 30, 2010 · 46b1b5b · 46b1b5b
1 parent 8800a9a
commit 46b1b5b
Showing 1 changed file with 13 additions and 13 deletions.
diff --git a/src/Symfony/Component/HttpKernel/Security/Firewall/LogoutListener.php b/src/Symfony/Component/HttpKernel/Security/Firewall/LogoutListener.php
@@ -27,7 +27,7 @@ class LogoutListener implements ListenerInterface
     protected $securityContext;
     protected $logoutPath;
     protected $targetUrl;
-    protected $handlers;    
+    protected $handlers;
 
     /**
      * Constructor
@@ -43,17 +43,17 @@ public function __construct(SecurityContext $securityContext, $logoutPath, $targ
         $this->targetUrl = $targetUrl;
         $this->handlers = array();
     }
-    
+
     /**
      * Adds a logout handler
-     * 
+     *
      * @param LogoutHandlerInterface $handler
      * @return void
      */
     public function addHandler(LogoutHandlerInterface $handler)
     {
         $this->handlers[] = $handler;
-    }    
+    }
 
     /**
      * Registers a core.security listener.
@@ -65,14 +65,14 @@ public function register(EventDispatcher $dispatcher)
     {
         $dispatcher->connect('core.security', array($this, 'handle'), 0);
     }
-    
+
     /**
      * {@inheritDoc}
      */
     public function unregister(EventDispatcher $dispatcher)
     {
     }
-    
+
     /**
      * Performs the logout if requested
      *
@@ -85,16 +85,16 @@ public function handle(Event $event)
         if ($this->logoutPath !== $request->getPathInfo()) {
             return;
         }
-        
+
         $response = new Response();
         $response->setRedirect(0 !== strpos($this->targetUrl, 'http') ? $request->getUriForPath($this->targetUrl) : $this->targetUrl, 302);
-        
-        $token = $this->securityContext->getToken();
-
-        foreach ($this->handlers as $handler) {
-            $handler->logout($request, $response, $token);
+
+        if ($token = $this->securityContext->getToken()) {
+            foreach ($this->handlers as $handler) {
+                $handler->logout($request, $response, $token);
+            }
         }
-        
+
         $this->securityContext->setToken(null);
         $event->setReturnValue($response);