Upgrade 1-11.38

vendor/symfony/security/Csrf/TokenStorage/NativeSessionTokenStorage.php

@@ -18,30 +18,20 @@ use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
  *
  * @author Bernhard Schussek <bschussek@gmail.com>
  */
-class NativeSessionTokenStorage implements TokenStorageInterface
+class NativeSessionTokenStorage implements ClearableTokenStorageInterface
 {
     /**
      * The namespace used to store values in the session.
-     *
-     * @var string
      */
     const SESSION_NAMESPACE = '_csrf';
 
-    /**
-     * @var bool
-     */
     private $sessionStarted = false;
-
-    /**
-     * @var string
-     */
     private $namespace;
 
     /**
      * Initializes the storage with a session namespace.
      *
-     * @param string $namespace The namespace under which the token is stored
-     *                          in the session
+     * @param string $namespace The namespace under which the token is stored in the session
      */
     public function __construct($namespace = self::SESSION_NAMESPACE)
     {
@@ -97,18 +87,32 @@ class NativeSessionTokenStorage implements TokenStorageInterface
             $this->startSession();
         }
 
-        $token = isset($_SESSION[$this->namespace][$tokenId])
-            ? (string) $_SESSION[$this->namespace][$tokenId]
-            : null;
+        if (!isset($_SESSION[$this->namespace][$tokenId])) {
+            return null;
+        }
+
+        $token = (string) $_SESSION[$this->namespace][$tokenId];
 
         unset($_SESSION[$this->namespace][$tokenId]);
 
+        if (!$_SESSION[$this->namespace]) {
+            unset($_SESSION[$this->namespace]);
+        }
+
         return $token;
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function clear()
+    {
+        unset($_SESSION[$this->namespace]);
+    }
+
     private function startSession()
     {
-        if (PHP_SESSION_NONE === session_status()) {
+        if (\PHP_SESSION_NONE === session_status()) {
             session_start();
         }
 

vendor/symfony/security/Csrf/TokenStorage/SessionTokenStorage.php

@@ -19,33 +19,21 @@ use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
  *
  * @author Bernhard Schussek <bschussek@gmail.com>
  */
-class SessionTokenStorage implements TokenStorageInterface
+class SessionTokenStorage implements ClearableTokenStorageInterface
 {
     /**
      * The namespace used to store values in the session.
-     *
-     * @var string
      */
     const SESSION_NAMESPACE = '_csrf';
 
-    /**
-     * The user session from which the session ID is returned.
-     *
-     * @var SessionInterface
-     */
     private $session;
-
-    /**
-     * @var string
-     */
     private $namespace;
 
     /**
      * Initializes the storage with a Session object and a session namespace.
      *
-     * @param SessionInterface $session   The user session
-     * @param string           $namespace The namespace under which the token
-     *                                    is stored in the session
+     * @param SessionInterface $session   The user session from which the session ID is returned
+     * @param string           $namespace The namespace under which the token is stored in the session
      */
     public function __construct(SessionInterface $session, $namespace = self::SESSION_NAMESPACE)
     {
@@ -104,4 +92,16 @@ class SessionTokenStorage implements TokenStorageInterface
 
         return $this->session->remove($this->namespace.'/'.$tokenId);
     }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function clear()
+    {
+        foreach (array_keys($this->session->all()) as $key) {
+            if (0 === strpos($key, $this->namespace.'/')) {
+                $this->session->remove($key);
+            }
+        }
+    }
 }