Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Ensure $request->hasSession() is always checked before calling getSession() #32703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 30, 2019
Merged

Ensure $request->hasSession() is always checked before calling getSession() #32703

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 3 additions & 5 deletions src/Symfony/Bridge/Twig/AppVariable.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,10 +112,9 @@ public function getSession()
if (null === $this->requestStack) {
throw new \RuntimeException('The "app.session" variable is not available.');
}
$request = $this->getRequest();

if ($request = $this->getRequest()) {
return $request->getSession();
}
return $request && $request->hasSession() ? $request->getSession() : null;
}

/**
Expand Down Expand Up @@ -157,8 +156,7 @@ public function getDebug()
public function getFlashes($types = null)
{
try {
$session = $this->getSession();
if (null === $session) {
if (null === $session = $this->getSession()) {
return [];
}
} catch (\RuntimeException $e) {
Expand Down
2 changes: 2 additions & 0 deletions src/Symfony/Bridge/Twig/Tests/AppVariableTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ public function testEnvironment()
public function testGetSession()
{
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
$request->method('hasSession')->willReturn(true);
$request->method('getSession')->willReturn($session = new Session());

$this->setRequestStack($request);
Expand Down Expand Up @@ -267,6 +268,7 @@ private function setFlashMessages($sessionHasStarted = true)
$session->method('getFlashBag')->willReturn($flashBag);

$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
$request->method('hasSession')->willReturn(true);
$request->method('getSession')->willReturn($session);
$this->setRequestStack($request);

Expand Down
6 changes: 3 additions & 3 deletions src/Symfony/Bundle/FrameworkBundle/Templating/GlobalVariables.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,9 @@ public function getRequest()
*/
public function getSession()
{
if ($request = $this->getRequest()) {
return $request->getSession();
}
$request = $this->getRequest();

return $request && $request->hasSession() ? $request->getSession() : null;
}

/**
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ public function toolbarAction(Request $request, $token)
throw new NotFoundHttpException('The profiler must be enabled.');
}

if ($request->hasSession() && ($session = $request->getSession()) && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
if ($request->hasSession() && ($session = $request->getSession())->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
// keep current flashes for one more request if using AutoExpireFlashBag
$session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
}
Expand Down
3 changes: 1 addition & 2 deletions src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,8 +88,7 @@ public function onKernelResponse(FilterResponseEvent $event)
}

if ($response->headers->has('X-Debug-Token') && $response->isRedirect() && $this->interceptRedirects && 'html' === $request->getRequestFormat()) {
$session = $request->getSession();
if (null !== $session && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
if ($request->hasSession() && ($session = $request->getSession())->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
// keep current flashes for one more request if using AutoExpireFlashBag
$session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
}
Expand Down
3 changes: 1 addition & 2 deletions src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,7 @@ public function onKernelRequest(GetResponseEvent $event)
}

// bootstrap the session
$session = $this->getSession();
if (!$session) {
if (!$session = $this->getSession()) {
return;
}

Expand Down
4 changes: 2 additions & 2 deletions src/Symfony/Component/HttpKernel/EventListener/SaveSessionListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ public function onKernelResponse(FilterResponseEvent $event)
return;
}

$session = $event->getRequest()->getSession();
if ($session && $session->isStarted()) {
$request = $event->getRequest();
if ($request->hasSession() && ($session = $request->getSession())->isStarted()) {
$session->save();
}
}
Expand Down
7 changes: 2 additions & 5 deletions src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,11 @@ public function __construct(RequestStack $requestStack)
public function getLastAuthenticationError($clearSession = true)
{
$request = $this->getRequest();
$session = $request->getSession();
$authenticationException = null;

if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
$authenticationException = $request->attributes->get(Security::AUTHENTICATION_ERROR);
} elseif (null !== $session && $session->has(Security::AUTHENTICATION_ERROR)) {
} elseif ($request->hasSession() && ($session = $request->getSession())->has(Security::AUTHENTICATION_ERROR)) {
$authenticationException = $session->get(Security::AUTHENTICATION_ERROR);

if ($clearSession) {
Expand All @@ -65,9 +64,7 @@ public function getLastUsername()
return $request->attributes->get(Security::LAST_USERNAME, '');
}

$session = $request->getSession();

return null === $session ? '' : $session->get(Security::LAST_USERNAME, '');
return $request->hasSession() ? $request->getSession()->get(Security::LAST_USERNAME, '') : '';
}

/**
Expand Down
12 changes: 6 additions & 6 deletions src/Symfony/Component/Security/Http/Firewall/ContextListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ public function __invoke(RequestEvent $event)
}

$request = $event->getRequest();
$session = $request->hasPreviousSession() ? $request->getSession() : null;
$session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;

if (null === $session || null === $token = $session->get($this->sessionKey)) {
$this->tokenStorage->setToken(null);
Expand Down Expand Up @@ -137,14 +137,14 @@ public function onKernelResponse(FilterResponseEvent $event)

$this->dispatcher->removeListener(KernelEvents::RESPONSE, [$this, 'onKernelResponse']);
$this->registered = false;
$session = $request->getSession();
$token = $this->tokenStorage->getToken();

if ((null === $token = $this->tokenStorage->getToken()) || $this->trustResolver->isAnonymous($token)) {
if ($request->hasPreviousSession()) {
$session->remove($this->sessionKey);
if (null === $token || $this->trustResolver->isAnonymous($token)) {
if ($request->hasPreviousSession() && $request->hasSession()) {
$request->getSession()->remove($this->sessionKey);
}
} else {
$session->set($this->sessionKey, serialize($token));
$request->getSession()->set($this->sessionKey, serialize($token));

if (null !== $this->logger) {
$this->logger->debug('Stored the security token in the session.', ['key' => $this->sessionKey]);
Expand Down