Skip to content
Permalink
Browse files

bug #29981 [Security] Complain about an empty decision strategy (corphi)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Complain about an empty decision strategy

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

When an empty string is passed (or objects with a similarly behaving `__toString()` method) to the constructor, the call to `decide` causes infinite recursion.

Commits
-------

3a22cad Fix infinite recursion when passed an empty string
  • Loading branch information...
fabpot committed Feb 21, 2019
2 parents da16b9c + 3a22cad commit 68d5597125f65f733f8d5aed58c83d75bdad1a53
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
@@ -43,7 +43,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
public function __construct($voters = [], $strategy = self::STRATEGY_AFFIRMATIVE, $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true)
{
$strategyMethod = 'decide'.ucfirst($strategy);
if (!\is_callable([$this, $strategyMethod])) {
if ('' === $strategy || !\is_callable([$this, $strategyMethod])) {
throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy));
}

0 comments on commit 68d5597

Please sign in to comment.
You can’t perform that action at this time.