
[Security][HttpFoundation] splits Request::hasSession() into hasSession(), and hasPreviousSession()

This closes #774, and fixes #772.
Johannes Schmitt há 14 anos atrás
pai
commit
362b7264d1

+ 4 - 0
UPDATE.md

@@ -120,6 +120,10 @@ beta1 to beta2
           'allow_add' => true,
           'allow_delete' => true,
       ));
+      
+* Request::hasSession() has been renamed to Request::hasPreviousSession(). The
+  method hasSession() still exists, but only checks if the request contains a
+  session object, not if the session was started in a previous request.
 
 PR12 to beta1
 -------------

+ 1 - 1
src/Symfony/Bundle/FrameworkBundle/RequestListener.php

@@ -67,7 +67,7 @@ class RequestListener
         }
 
         // starts the session if a session cookie already exists in the request...
-        if ($request->hasSession()) {
+        if ($request->hasPreviousSession()) {
             $request->getSession()->start();
         }
     }

+ 17 - 1
src/Symfony/Component/HttpFoundation/Request.php

@@ -308,12 +308,28 @@ class Request
         return $this->session;
     }
 
-    public function hasSession()
+    /**
+     * Whether the request contains a Session which was started in one of the
+     * previous requests.
+     *
+     * @return boolean
+     */
+    public function hasPreviousSession()
     {
         // the check for $this->session avoids malicious users trying to fake a session cookie with proper name
         return $this->cookies->has(session_name()) && null !== $this->session;
     }
 
+    /**
+     * Whether the request contains a Session object.
+     *
+     * @return boolean
+     */
+    public function hasSession()
+    {
+        return null !== $this->session;
+    }
+
     public function setSession(Session $session)
     {
         $this->session = $session;
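Review bot: The docblock added for `hasPreviousSession()` promises more than the body checks. `$this->cookies->has(session_name())` only tests that the client sent a cookie with the session name, which any client can do, so a `true` result does not show that the server ever started that session. I would reword the summary to `Whether the request carries a session cookie and a Session object is attached; the cookie is client-supplied and is not validated here.` The unchanged inline comment above the return has the same problem, because `null !== $this->session` only ensures a Session object exists before callers use it; it could read `// cookie presence is client-controlled; the $this->session check only guarantees getSession() is usable`. The call sites switched over in RequestListener and ContextListener should therefore treat the result as a hint to load the session, with validity left to the session storage.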

+ 1 - 1
src/Symfony/Component/Security/Http/Firewall/ContextListener.php

@@ -62,7 +62,7 @@ class ContextListener implements ListenerInterface
     {
         $request = $event->getRequest();
 
-        $session = $request->hasSession() ? $request->getSession() : null;
+        $session = $request->hasPreviousSession() ? $request->getSession() : null;
 
         if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
             $this->context->setToken(null);