Merge pull request #560 from FriendsOfSymfony/2.9-to-master

2.9 to master

Author: dbu

CHANGELOG.md

@@ -1,6 +1,17 @@
 Changelog
 =========
 
+2.10.2
+------
+
+### Fixed
+
+* The fix about overwriting flash messages on multiple redirects introduced in
+  version 2.9.1 created the risk of losing flash messages when redirecting to a
+  path that is outside the firewall or destroys the session.
+  This version hopefully fixes both cases. Existing flash messages in a request
+  cookie are merged with new flash messages from the session.
+
 2.10.1
 ------
 
@@ -17,6 +28,17 @@ Changelog
 * Dropped support for PHP 7.2
 * Added support for PHP 8 Attributes
 
+2.9.2
+-----
+
+### Fixed
+
+* The fix about overwriting flash messages on multiple redirects introduced in
+  version 2.9.1 created the risk of losing flash messages when redirecting to a
+  path that is outside the firewall or destroys the session.
+  This version hopefully fixes both cases. Existing flash messages in a request
+  cookie are merged with new flash messages from the session.
+
 2.9.1
 -----
 

src/EventListener/FlashMessageListener.php

@@ -87,26 +87,28 @@ public function onKernelResponse(FlashMessageResponseEvent $event)
             return;
         }
 
-        $response = $event->getResponse();
-
-        // If the response is a redirect, we should wait until the final response
-        // is reached
-        if ($response->isRedirect()) {
-            return;
-        }
-
         $flashBag = $this->session->getFlashBag();
         $flashes = $flashBag->all();
 
         if (empty($flashes)) {
             return;
         }
 
+        $response = $event->getResponse();
+
         $cookies = $response->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
         $host = (null === $this->options['host']) ? '' : $this->options['host'];
         if (isset($cookies[$host][$this->options['path']][$this->options['name']])) {
             $rawCookie = $cookies[$host][$this->options['path']][$this->options['name']]->getValue();
-            $flashes = array_merge($flashes, json_decode($rawCookie));
+            $flashes = array_merge_recursive($flashes, json_decode($rawCookie, true));
+        }
+
+        // Preserve existing flash message cookie from previous redirect if there was one.
+        // This covers multiple redirects where each redirect adds flash messages.
+        $request = $event->getRequest();
+        if ($request->cookies->has($this->options['name'])) {
+            $rawCookie = $request->cookies->get($this->options['name']);
+            $flashes = array_merge_recursive($flashes, json_decode($rawCookie, true));
         }
 
         $cookie = new Cookie(

tests/Functional/EventListener/FlashMessageListenerTest.php

@@ -13,7 +13,6 @@
 
 use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
-use Symfony\Component\HttpFoundation\Cookie;
 
 class FlashMessageListenerTest extends WebTestCase
 {
@@ -33,7 +32,6 @@ public function testFlashMessageCookieIsSet()
 
         $found = false;
         foreach ($cookies as $cookie) {
-            /** @var Cookie $cookie */
             if ('flash_cookie_name' !== $cookie->getName()) {
                 continue;
             }
@@ -45,9 +43,7 @@ public function testFlashMessageCookieIsSet()
             $found = true;
         }
 
-        if (!$found) {
-            $this->fail('Cookie flash_cookie_name not found in the cookie response header: '.implode(',', $cookies));
-        }
+        $this->assertTrue($found, 'Cookie "flash_cookie_name" not found in response cookies');
     }
 
     public function testFlashMessageCookieIsSetOnRedirect()
@@ -65,7 +61,6 @@ public function testFlashMessageCookieIsSetOnRedirect()
 
         $found = false;
         foreach ($cookies as $cookie) {
-            /** @var Cookie $cookie */
             if ('flash_cookie_name' !== $cookie->getName()) {
                 continue;
             }
@@ -77,8 +72,6 @@ public function testFlashMessageCookieIsSetOnRedirect()
             $found = true;
         }
 
-        if (!$found) {
-            $this->fail('Cookie flash_cookie_name not found in the cookie response header: '.implode(',', $cookies));
-        }
+        $this->assertTrue($found, 'Cookie "flash_cookie_name" not found in response cookies');
     }
 }