From eef742d04b45431c56ba7e839cf1b80bc2dcbaf3 Mon Sep 17 00:00:00 2001
From: matlec
Date: Fri, 5 Sep 2025 12:10:29 +0200
Subject: [PATCH 1/2] [Security] Fix `HttpUtils::createRequest()` when the base request is forwarded
---
 HttpUtils.php | 6 ++++++
 Tests/HttpUtilsTest.php | 10 ++++++++++
 2 files changed, 16 insertions(+)
diff --git a/HttpUtils.php b/HttpUtils.php
index 0163bb18..af0c732f 100644
--- a/HttpUtils.php
+++ b/HttpUtils.php
@@ -70,7 +70,13 @@ public function createRedirectResponse(Request $request, string $path, int $stat
 */
 public function createRequest(Request $request, string $path): Request
 {
+ if ($trustedProxies = Request::getTrustedProxies()) {
+ Request::setTrustedProxies([], Request::getTrustedHeaderSet());
+ }
 $newRequest = Request::create($this->generateUri($request, $path), 'get', [], $request->cookies->all(), [], $request->server->all());
+ if ($trustedProxies) {
+ Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
+ }
 static $setSession;
diff --git a/Tests/HttpUtilsTest.php b/Tests/HttpUtilsTest.php
index e165a4df..c042b02c 100644
--- a/Tests/HttpUtilsTest.php
+++ b/Tests/HttpUtilsTest.php
@@ -233,6 +233,16 @@ public static function provideSecurityRequestAttributes()
 ];
 }
+ public function testCreateRequestHandlesTrustedHeaders()
+ {
+ Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_PREFIX);
+
+ $this->assertSame(
+ 'http://localhost/foo/',
+ (new HttpUtils())->createRequest(Request::create('/', server: ['HTTP_X_FORWARDED_PREFIX' => '/foo']), '/')->getUri(),
+ );
+ }
+
 public function testCheckRequestPath()
 {
 $utils = new HttpUtils($this->getUrlGenerator());
From 6c2e236f0fc3e0853770a5574ef7af471486ba4c Mon Sep 17 00:00:00 2001
From: Christian Flothmann
Date: Fri, 5 Sep 2025 14:17:45 +0200
Subject: [PATCH 2/2] use the empty string instead of null as an array offset
---
 Logout/LogoutUrlGenerator.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
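Review bot: The restore of the trusted proxies after `Request::create(...)` is skipped if `generateUri()` or `Request::create()` throws, which leaves the process-global proxy list empty for whatever runs next in the same process; in a long-running runtime that means later requests would stop honouring forwarded headers for client-IP and scheme detection, with no log or error pointing at this method. Wrapping the creation in `try`/`finally` so the restore always runs is sketched below. The clear-and-restore also deserves a why-comment, e.g. `// Disable trusted proxies while building the sub-request so the forwarded headers copied via $request->server->all() are not applied again on top of the URI already resolved by generateUri()` — that intent is inferred from the test in Tests/HttpUtilsTest.php rather than visible here, so confirm the wording. If the configured list used the `REMOTE_ADDR` placeholder, round-tripping it through `getTrustedProxies()` presumably restores the resolved address rather than the placeholder; likely harmless within one request, but worth checking. `createRequest()` continues past the end of the hunk.
```php
        // … unchanged: clearing of the trusted proxies into $trustedProxies …
        try {
            $newRequest = Request::create($this->generateUri($request, $path), 'get', [], $request->cookies->all(), [], $request->server->all());
        } finally {
            if ($trustedProxies) {
                Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
            }
        }
        // … unchanged: static $setSession and the rest of createRequest() …
```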
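Review bot: `testCreateRequestHandlesTrustedHeaders()` sets the process-global trusted proxies on its first line and never resets them, so every test that runs afterwards in the same process executes with `127.0.0.1` trusted and `X-Forwarded-Prefix` honoured, which can mask or cause failures elsewhere. Capture and restore the previous state around the assertion, e.g. `$proxies = Request::getTrustedProxies(); $headerSet = Request::getTrustedHeaderSet();` before the call and `Request::setTrustedProxies($proxies, $headerSet);` in a `finally` block (or in `tearDown()`). The test also appears to rely on `Request::create()` defaulting `REMOTE_ADDR` to `127.0.0.1` for the proxy to be trusted at all; passing `'REMOTE_ADDR' => '127.0.0.1'` explicitly in the `server` array makes that dependency visible to the next reader.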
diff --git a/Logout/LogoutUrlGenerator.php b/Logout/LogoutUrlGenerator.php
index 1126a054..8550c28c 100644
--- a/Logout/LogoutUrlGenerator.php
+++ b/Logout/LogoutUrlGenerator.php
@@ -146,8 +146,8 @@ private function getListener(?string $key): array
 }
 // Fetch from injected current firewall information, if possible
- if (isset($this->listeners[$this->currentFirewallName])) {
- return $this->listeners[$this->currentFirewallName];
+ if (isset($this->listeners[$this->currentFirewallName ?? ''])) {
+ return $this->listeners[$this->currentFirewallName ?? ''];
 }
 foreach ($this->listeners as $listener) {
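Review bot: The `?? ''` fallback is evaluated twice and makes explicit that a request with no current firewall looks up a listener keyed by the empty string; PHP already coerced a null offset to `''`, so the behaviour is unchanged, but the intent now reads as if the empty-string key were meaningful. If matching such a key is not intended, a null guard states the intent more directly: `if (null !== $this->currentFirewallName && isset($this->listeners[$this->currentFirewallName])) {` followed by `return $this->listeners[$this->currentFirewallName];`. Whether a listener can ever be registered under an empty firewall name is not visible here, so confirm before changing the semantics. `getListener()` begins and ends outside the hunk.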