Hello,
I think so, at least I've been using similar change for about 4 months
now and it seems to work OK (I sent it to the e-mail address for
sending security issues as I wasn't sure it qualifies as one, but
received no response. I then forgot to send it here, sorry):
- if (null === $token = $this->context->getToken()) {
- return;
- }
+ $token = $this->context->getToken();
if (null === $token || $token instanceof AnonymousToken) {
+ $request = $event->getRequest();
+ $session = $request->hasSession() ? $request->getSession() : null;
+ $sessionHasContext = (null !== $session &&
$session->has('_security_'.$this->contextKey));
+ if ($sessionHasContext) {
+ if (null !== $this->logger) {
+ $this->logger->debug('Remove SecurityContext from
the session');
+ }
+ $session->remove('_security_'.$this->contextKey);
+ }
return;
}
Regards,
Martin Sucha
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
