Correctly validate the URL suffix

AlexejKossmann · Jul 21, 2020 · ded7d5c · ded7d5c
1 parent 1f70bdb
commit ded7d5c
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 2 deletions.
diff --git a/core-bundle/src/Routing/Candidates/PageCandidates.php b/core-bundle/src/Routing/Candidates/PageCandidates.php
@@ -91,7 +91,7 @@ private function addRegexQuery(QueryBuilder $queryBuilder, string $pathInfo): bo
         }
 
         preg_match_all(
-            '#^(/'.implode('|/', array_map('preg_quote', $this->urlPrefixes)).')'.implode('|', $paths).'('.implode('|', array_map('preg_quote', $this->urlSuffixes)).')?'.'$#sD',
+            '#^(/'.implode('|/', array_map('preg_quote', $this->urlPrefixes)).')('.implode('|', $paths).')('.implode('|', array_map('preg_quote', $this->urlSuffixes)).')'.'$#sD',
             $pathInfo,
             $matches
         );

diff --git a/core-bundle/tests/Routing/Candidates/CandidatesTest.php b/core-bundle/tests/Routing/Candidates/CandidatesTest.php
@@ -384,7 +384,7 @@ public function testIncluesPageWithAbsolutePath(): void
             ->expects($this->once())
             ->method('getPathRegex')
             ->willReturn([
-                'foo' => '#^/bar/[a-z]+\.html$#sD',
+                'foo' => '#^/bar/[a-z]+$#sD',
                 'bar' => '#^/bar$#sD',
             ])
         ;
@@ -394,6 +394,40 @@ public function testIncluesPageWithAbsolutePath(): void
         $this->assertSame(['bar/baz', 'bar', 15], $candidates->getCandidates($request));
     }
 
+    public function testIncluesPageWithAbsolutePathAndSuffix(): void
+    {
+        $request = $this->mockRequest('/foo/bar/baz.html');
+
+        $queryBuilder = $this->createMock(QueryBuilder::class);
+        $queryBuilder
+            ->expects($this->once())
+            ->method('orWhere')
+            ->with('type IN (:types)')
+            ->willReturnSelf()
+        ;
+
+        $queryBuilder
+            ->expects($this->once())
+            ->method('setParameter')
+            ->with('types', ['foo', 'bar'], Connection::PARAM_STR_ARRAY)
+            ->willReturnSelf()
+        ;
+
+        $pageRegistry = $this->mockPageRegistry(['foo', 'bar'], ['.html', '']);
+        $pageRegistry
+            ->expects($this->once())
+            ->method('getPathRegex')
+            ->willReturn([
+                'foo' => '#^/bar/[a-z]+\.html$#sD',
+                'bar' => '#^/bar$#sD',
+            ])
+        ;
+
+        $candidates = new PageCandidates($this->mockConnection($queryBuilder), $pageRegistry);
+
+        $this->assertSame(['bar/baz', 'bar', 'bar/baz.html', 15], $candidates->getCandidates($request));
+    }
+
     /**
      * @return Request&MockObject
      */