Merge branch '2.2'

* 2.2: #7106 - fix for ZTS builds Added '@@' escaping strategy for YamlFileLoader and YamlDumper [Yaml] fixed bugs with folded scalar parsing [Form] made DefaultCsrfProvider using session_status() when available Added unit tests to Dumper Update .travis.yml (closes #7355) [HttpFoudantion] fixed Request::getPreferredLanguage() Revert "merged branch jfsimon/issue-6928 (PR #7378)" Routing issue with installation in a sub-directory ref: symfony/symfony#7129
symfony · Mar 23, 2013 · 7f85532 · 7f85532
2 parents 08663d3 + c5b78c3
commit 7f85532
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php b/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php
@@ -65,7 +65,11 @@ public function isCsrfTokenValid($intention, $token)
      */
     protected function getSessionId()
     {
-        if (!session_id()) {
+        if (version_compare(PHP_VERSION, '5.4', '>=')) {
+            if (PHP_SESSION_NONE === session_status()) {
+                session_start();
+            }
+        } elseif (!session_id()) {
             session_start();
         }
 

diff --git a/Tests/Extension/Csrf/CsrfProvider/DefaultCsrfProviderTest.php b/Tests/Extension/Csrf/CsrfProvider/DefaultCsrfProviderTest.php
@@ -22,7 +22,8 @@ class DefaultCsrfProviderTest extends \PHPUnit_Framework_TestCase
 
     public static function setUpBeforeClass()
     {
-        @session_start();
+        ini_set('session.save_handler', 'files');
+        ini_set('session.save_path', sys_get_temp_dir());
     }
 
     protected function setUp()
@@ -37,20 +38,42 @@ protected function tearDown()
 
     public function testGenerateCsrfToken()
     {
+        session_start();
+
+        $token = $this->provider->generateCsrfToken('foo');
+
+        $this->assertEquals(sha1('SECRET'.'foo'.session_id()), $token);
+    }
+
+    public function testGenerateCsrfTokenOnUnstartedSession()
+    {
+        session_id('touti');
+
+        if (!version_compare(PHP_VERSION, '5.4', '>=')) {
+            $this->markTestSkipped('This test requires PHP >= 5.4');
+        }
+
+        $this->assertSame(PHP_SESSION_NONE, session_status());
+
         $token = $this->provider->generateCsrfToken('foo');
 
         $this->assertEquals(sha1('SECRET'.'foo'.session_id()), $token);
+        $this->assertSame(PHP_SESSION_ACTIVE, session_status());
     }
 
     public function testIsCsrfTokenValidSucceeds()
     {
+        session_start();
+
         $token = sha1('SECRET'.'foo'.session_id());
 
         $this->assertTrue($this->provider->isCsrfTokenValid('foo', $token));
     }
 
     public function testIsCsrfTokenValidFails()
     {
+        session_start();
+
         $token = sha1('SECRET'.'bar'.session_id());
 
         $this->assertFalse($this->provider->isCsrfTokenValid('foo', $token));