[Security] Fix wrong cache directive when using the new PUBLIC_ACCESS attribute #42596

Merged (1 commit) on Aug 17, 2021

wouterj (Member) commented Aug 17, 2021

| Q | A |
| --- | --- |
| Branch? | 5.3 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | Ref #41613 (comment) |
| License | MIT |
| Doc PR | - |

`PUBLIC_ACCESS` is the new `IS_AUTHENTICATED_ANONYMOUSLY` since 5.2, but we didn't correctly check for this, causing a private cache directive for a stateless page.

This PR also includes 2 changes from #42595 that could be backported to 5.3.

@@ -50,7 +50,7 @@ public function hashPassword($user, string $plainPassword): string
} elseif ($user instanceof UserInterface) {
$salt = $user->getSalt();

if (null !== $salt) {
if ($salt) {
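Review bot: In hashPassword(), the new `if ($salt)` condition is a truthiness test, so besides null and the empty string it also treats the string "0" as no salt, which the replaced `null !== $salt` check did not. If the intent is only to skip null and empty salts, spell that out with `null !== $salt && '' !== $salt`, and add a short code comment saying why an empty salt is now excluded, since the hunk itself gives no reason for the behaviour change.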
wouterj (Member, Author) commented:

getSalt() is typehinted as @return string, so null would be invalid. This check is now also in sync with the same deprecation check in CheckCredentialsListener.

- wouterj force-pushed the pull-41613/backport-53 branch from a7b370f to ca80ee3 (August 17, 2021 15:46)
- wouterj merged commit fd0dc96 into symfony:5.3 (Aug 17, 2021)
- wouterj deleted the pull-41613/backport-53 branch (August 17, 2021 15:46)
- fabpot mentioned this pull request (Aug 30, 2021)