[Security] Fix false-string handling in RememberMeAuthenticator
ossinkine authored and nicolas-grekas committed Jul 7, 2023
1 parent 6791856 commit 8d9328e
Showing 2 changed files with 4 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Authenticator/RememberMeAuthenticator.php
Expand Up @@ -70,7 +70,7 @@ public function supports(Request $request): ?bool
return false;
}

if (!$request->cookies->has($this->cookieName)) {
if (!$request->cookies->has($this->cookieName) || !\is_scalar($request->cookies->all()[$this->cookieName] ?: null)) {
return false;
}

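Review bot: The `?: null` inside `\is_scalar(...)` on the new condition does two jobs at once and needs a comment: it rejects non-scalar (array) cookie values and, because `''` and `'0'` are falsy, it also turns those strings into `null` so they are declined too. The cookie is client-controlled, so the intent belongs next to the first place the value is examined, for example `// Client-supplied value: decline arrays and the falsy strings '' and '0'; only a non-empty scalar goes on to authenticate().` Reading the raw entry through `all()[...]` rather than `get()` is presumably deliberate, to sidestep the input bag's own handling of non-scalar values, and is worth a word in the same comment. `supports()` starts and ends outside this hunk, so how the value is consumed afterwards is not visible here.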
3 changes: 3 additions & 0 deletions Tests/Authenticator/RememberMeAuthenticatorTest.php
Expand Up @@ -61,6 +61,9 @@ public static function provideSupportsData()
$request = Request::create('/', 'GET', [], ['_remember_me_cookie' => 'rememberme']);
$request->attributes->set(ResponseListener::COOKIE_ATTR_NAME, new Cookie('_remember_me_cookie', null));
yield [$request, false];

$request = Request::create('/', 'GET', [], ['_remember_me_cookie' => '0']);
yield [$request, false];
}

public function testAuthenticate()
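Review bot: The added data set covers only the string `'0'`, while the new condition in `supports()` also declines an empty string and an array-valued cookie, and neither shape gets a case in this hunk. Unless they are already covered earlier in `provideSupportsData()` (it starts above the hunk), add `yield [Request::create('/', 'GET', [], ['_remember_me_cookie' => '']), false];` and `yield [Request::create('/', 'GET', [], ['_remember_me_cookie' => ['rememberme']]), false];`. That pins all three rejected shapes, so a later rewrite of the one-line check cannot silently re-admit one of them.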
