feature #21842 [HttpKernel] Allow signing URIs with a custom query st…

…ring parameter (thewilkybarkid) This PR was merged into the 3.3-dev branch. Discussion ---------- [HttpKernel] Allow signing URIs with a custom query string parameter | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | `UriSigner` is currently restricting to using `_hash` as the query string parameter, this makes is customisable. Commits ------- 32301c3 Allow a custom query string parameter
symfony · Mar 6, 2017 · 7048fd6 · 7048fd6
2 parents a42cf1b + 32301c3
commit 7048fd6
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 8 deletions.
diff --git a/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php b/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
@@ -50,4 +50,15 @@ public function testCheckWithDifferentArgSeparator()
         );
         $this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
     }
+
+    public function testCheckWithDifferentParameter()
+    {
+        $signer = new UriSigner('foobar', 'qux');
+
+        $this->assertSame(
+            'http://example.com/foo?baz=bay&foo=bar&qux=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D',
+            $signer->sign('http://example.com/foo?foo=bar&baz=bay')
+        );
+        $this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
+    }
 }
diff --git a/src/Symfony/Component/HttpKernel/UriSigner.php b/src/Symfony/Component/HttpKernel/UriSigner.php
@@ -19,21 +19,24 @@
 class UriSigner
 {
     private $secret;
+    private $parameter;
 
     /**
      * Constructor.
      *
-     * @param string $secret A secret
+     * @param string $secret    A secret
+     * @param string $parameter Query string parameter to use
      */
-    public function __construct($secret)
+    public function __construct($secret, $parameter = '_hash')
     {
         $this->secret = $secret;
+        $this->parameter = $parameter;
     }
 
     /**
      * Signs a URI.
      *
-     * The given URI is signed by adding a _hash query string parameter
+     * The given URI is signed by adding the query string parameter
      * which value depends on the URI and the secret.
      *
      * @param string $uri A URI to sign
@@ -51,13 +54,13 @@ public function sign($uri)
 
         $uri = $this->buildUrl($url, $params);
 
-        return $uri.(false === strpos($uri, '?') ? '?' : '&').'_hash='.$this->computeHash($uri);
+        return $uri.(false === strpos($uri, '?') ? '?' : '&').$this->parameter.'='.$this->computeHash($uri);
     }
 
     /**
      * Checks that a URI contains the correct hash.
      *
-     * The _hash query string parameter must be the last one
+     * The query string parameter must be the last one
      * (as it is generated that way by the sign() method, it should
      * never be a problem).
      *
@@ -74,12 +77,12 @@ public function check($uri)
             $params = array();
         }
 
-        if (empty($params['_hash'])) {
+        if (empty($params[$this->parameter])) {
             return false;
         }
 
-        $hash = urlencode($params['_hash']);
-        unset($params['_hash']);
+        $hash = urlencode($params[$this->parameter]);
+        unset($params[$this->parameter]);
 
         return $this->computeHash($this->buildUrl($url, $params)) === $hash;
     }