From 00aaea21a4a7e87dcfca174caf006cf89be58a45 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Wed, 8 Nov 2023 11:34:20 +0100 Subject: [PATCH] check that the secret passed to RequestParser is not empty --- src/Symfony/Component/Webhook/Client/RequestParser.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Symfony/Component/Webhook/Client/RequestParser.php b/src/Symfony/Component/Webhook/Client/RequestParser.php index dc81765abf3a3..3b4b2a922cf86 100644 --- a/src/Symfony/Component/Webhook/Client/RequestParser.php +++ b/src/Symfony/Component/Webhook/Client/RequestParser.php @@ -18,6 +18,7 @@ use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher; use Symfony\Component\HttpFoundation\RequestMatcherInterface; use Symfony\Component\RemoteEvent\RemoteEvent; +use Symfony\Component\Webhook\Exception\InvalidArgumentException; use Symfony\Component\Webhook\Exception\RejectWebhookException; /** @@ -43,6 +44,10 @@ protected function getRequestMatcher(): RequestMatcherInterface protected function doParse(Request $request, #[\SensitiveParameter] string $secret): RemoteEvent { + if (!$secret) { + throw new InvalidArgumentException('A non-empty secret is required.'); + } + $body = $request->toArray(); foreach ([$this->signatureHeaderName, $this->eventHeaderName, $this->idHeaderName] as $header) { pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy