FriendsOfSymfony · b-durand · Jun 5, 2013 · Jun 12, 2013
diff --git a/Controller/SecurityController.php b/Controller/SecurityController.php
@@ -14,6 +14,7 @@
 use Symfony\Component\DependencyInjection\ContainerAware;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\SecurityContextInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
 
 class SecurityController extends ContainerAware
 {
@@ -33,8 +34,12 @@ public function loginAction(Request $request)
         }
 
         if ($error) {
-            // TODO: this is a potential security risk (see http://trac.symfony-project.org/ticket/9523)
-            $error = $error->getMessage();
+            if ($error instanceof AuthenticationException) {
+                $error = $error->getMessageKey();
+            } else {
+                // TODO: this is a potential security risk (see http://trac.symfony-project.org/ticket/9523)
+                $error = $error->getMessage();
+            }
         }
         // last username entered by the user
         $lastUsername = (null === $session) ? '' : $session->get(SecurityContextInterface::LAST_USERNAME);

diff --git a/Resources/views/Security/login.html.twig b/Resources/views/Security/login.html.twig
@@ -4,7 +4,7 @@
 
 {% block fos_user_content %}
 {% if error %}
-    <div>{{ error|trans }}</div>
+    <div>{{ error|trans({}, 'security') }}</div>
 {% endif %}
 
 <form action="{{ path("fos_user_security_check") }}" method="post">