Permalink
Browse files

[Security] fixed HttpUtils::checkRequestPath() to not catch all excep…

…tions (closes #2637)
  • Loading branch information...
1 parent 6b549aa commit 7f2e3570c00c06f45f9d960986f6096515f8b3f2 @fabpot fabpot committed Nov 14, 2011
Showing with 5 additions and 1 deletion.
  1. +5 −1 Http/HttpUtils.php
View
@@ -16,6 +16,8 @@
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Routing\Exception\MethodNotAllowedException;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
/**
* Encapsulates the logic needed to create sub-requests, redirect the user, and match URLs.
@@ -108,7 +110,9 @@ public function checkRequestPath(Request $request, $path)
$parameters = $this->router->match($request->getPathInfo());
return $path === $parameters['_route'];
- } catch (\Exception $e) {
+ } catch (MethodNotAllowedException $e) {
+ return false;
+ } catch (ResourceNotFoundException $e) {
return false;
}
}

0 comments on commit 7f2e357

Please sign in to comment.