Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[5.4] Fix SessionGuard.php recaller method when request is null #17688

Merged
merged 1 commit into from
Jan 31, 2017
Merged

[5.4] Fix SessionGuard.php recaller method when request is null #17688

merged 1 commit into from
Jan 31, 2017

Conversation

briandotdev
Copy link
Contributor

recaller() method throws a non-object exception when $request is null. Null appears to be allowed behavior for $request as the constructor default is null. recaller() method is called by the user() method on line 140 the response is then checked for null on line 142. I believe in current form the recaller() method will never return null if $request is null.

@taylorotwell
Copy link
Member

How did you create this error in a fresh application?

@GrahamCampbell GrahamCampbell changed the title Fix SessionGuard.php recaller method when request is null [5.4] Fix SessionGuard.php recaller method when request is null Jan 31, 2017
@@ -183,7 +183,7 @@ protected function userFromRecaller($recaller)
*/
protected function recaller()
{
if ($recaller = $this->request->cookies->get($this->getRecallerName())) {
if (! is_null($this->request) && $recaller = $this->request->cookies->get($this->getRecallerName())) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assignments inside boolean expressions should be avoided, since it leads to confusion and bugs.

@taylorotwell taylorotwell merged commit 7bbcb88 into laravel:5.4 Jan 31, 2017
@taylorotwell
Copy link
Member

Cleaned it up a bit.

@briandotdev
Copy link
Contributor Author

briandotdev commented Jan 31, 2017

@taylorotwell use of the Auth Facade, specifically Auth::user() in a blade template which is accessible to both authenticated users and guest. My user model has a group attribute. When evaluating content for conditional display based on the user group @if(Auth::user()->group == 1), if the user is guest then I believe the request will be null.

This is probably better handled by me with a user check in the controller but as long as the Facade is accessible in the blade template I believe this scenario would be technically possible.

For quick reproduction, in a fresh install with a user created and logged out a call to Auth::user() in welcome.blade.php:

@if(Auth::user()->id == 1) <h1>Hello World</h1> @endif

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants