Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ae6c5d3

Browse files
chalasrchalasr
committed
bug #34788 [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass (fancyweb)
This PR was merged into the 3.4 branch. Discussion ---------- [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | #34774 | License | MIT | Doc PR | - `%s` should be escaped, so it is dumped as `%%s` (it ends up being properly unescaped at load time, so the passed value to the service is the same). Commits ------- de03cee [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
2 parents 5807f5f + de03cee commit ae6c5d3

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ public function process(ContainerBuilder $container)
3131
}
3232

3333
$sessionOptions = $container->getParameter('session.storage.options');
34-
$domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
34+
$domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
3535
$domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp;
3636

3737
$container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp));

0 commit comments

Comments
 (0)