bug #29981 [Security] Complain about an empty decision strategy (corphi)

This PR was merged into the 3.4 branch. Discussion ---------- [Security] Complain about an empty decision strategy | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - When an empty string is passed (or objects with a similarly behaving `__toString()` method) to the constructor, the call to `decide` causes infinite recursion. Commits ------- 3a22cad Fix infinite recursion when passed an empty string
symfony · Feb 21, 2019 · 68d5597 · 68d5597
2 parents da16b9c + 3a22cad
commit 68d5597
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
@@ -43,7 +43,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
     public function __construct($voters = [], $strategy = self::STRATEGY_AFFIRMATIVE, $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true)
     {
         $strategyMethod = 'decide'.ucfirst($strategy);
-        if (!\is_callable([$this, $strategyMethod])) {
+        if ('' === $strategy || !\is_callable([$this, $strategyMethod])) {
             throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy));
         }