From 5e9ff986ca844ab996b23c1c0e0a5360655a63aa Mon Sep 17 00:00:00 2001 From: Kenji ITO Date: Sun, 24 Jan 2016 07:15:32 +0900 Subject: [PATCH] Refactored to use class constants --- public_html/admin/router.php | 4 ++-- system/classes/router.class.php | 39 ++++++++++++++++++++++----------- 2 files changed, 28 insertions(+), 15 deletions(-) diff --git a/public_html/admin/router.php b/public_html/admin/router.php index 5f37c9d2e..fdc6d5ab7 100644 --- a/public_html/admin/router.php +++ b/public_html/admin/router.php @@ -354,8 +354,8 @@ function saveRoute($rid, $method, $rule, $route, $priority) $route = str_ireplace('&', '&', $route); // Check if placeholders are the same - $numPlaceHoldersInRule = preg_match_all(Router::PATTERN_PLACEHOLDER, $rule, $matchesRule, PREG_SET_ORDER); - $numPlaceHoldersInRoute = preg_match_all(Router::PATTERN_PLACEHOLDER, $route, $matchesRoute, PREG_SET_ORDER); + $numPlaceHoldersInRule = preg_match_all(Router::PLACEHOLDER_MATCH, $rule, $matchesRule, PREG_SET_ORDER); + $numPlaceHoldersInRoute = preg_match_all(Router::PLACEHOLDER_MATCH, $route, $matchesRoute, PREG_SET_ORDER); if ($numPlaceHoldersInRule === $numPlaceHoldersInRoute) { if ($numPlaceHoldersInRule > 0) { diff --git a/system/classes/router.class.php b/system/classes/router.class.php index 5016a5707..d242b9a00 100644 --- a/system/classes/router.class.php +++ b/system/classes/router.class.php @@ -18,7 +18,11 @@ class Router const ROUTING_WITHOUT_INDEX_PHP = 2; // Placeholder pattern - const PATTERN_PLACEHOLDER = '|(@[a-zA-Z][0-9a-zA-Z_]*)|'; + const PLACEHOLDER_MATCH = '|(@[a-zA-Z][0-9a-zA-Z_]*)|'; + const PLACEHOLDER_REPLACE = '([^/&=?#]+)'; + + // Values to escape pattern + const VALUE_MATCH = '|[^0-9a-zA-Z_.-]|'; // Default priority const DEFAULT_PRIORITY = 100; @@ -39,7 +43,7 @@ public static function setDebug($switch) } /** - * Dispatch the client + * Dispatch the client based on $_SERVER['PATH_INFO'] * * @return bool when not dispatched */ @@ -128,11 +132,12 @@ public static function dispatch() header('Location: ' . $route); COM_errorLog(__METHOD__ . ': somehow could not redirect'); + return false; } // Try comparison with placeholders - if (preg_match_all(self::PATTERN_PLACEHOLDER, $rule, $matches, PREG_SET_ORDER)) { + if (preg_match_all(self::PLACEHOLDER_MATCH, $rule, $matches, PREG_SET_ORDER)) { // Escape a period and a question mark so that they can safely be used in a regular expression $rule = str_replace(array('.', '?'), array('\.', '\?'), $rule); $placeHolders = array(); @@ -140,7 +145,7 @@ public static function dispatch() // Replace placeholders in a rule with ones for regular expressions foreach ($matches as $match) { $placeHolders[] = $match[1]; - $rule = str_replace($match[1], '([^/&=?#]+)', $rule); + $rule = str_replace($match[1], self::PLACEHOLDER_REPLACE, $rule); } $rule = '|\A' . $rule . '\z|i'; @@ -152,7 +157,10 @@ public static function dispatch() array_shift($values); foreach ($values as $value) { - $value = urlencode($value); + if (preg_match(self::VALUE_MATCH, $value)) { + $value = urlencode($value); + } + $placeHolder = array_shift($placeHolders); $route = str_replace($placeHolder, $value, $route); } @@ -183,7 +191,8 @@ public static function dispatch() /** * Convert a URL * - * e.g. [SITE_URL]/article.php?story=welcome -> [SITE_URL]/index.php/article/welcome or [SITE_URL]/article/welcome + * e.g. [SITE_URL]/article.php?story=welcome + * -> [SITE_URL]/index.php/article/welcome or [SITE_URL]/article/welcome * * @param string $url * @param int $requestMethod @@ -195,7 +204,7 @@ public static function convertUrl($url, $requestMethod = self::HTTP_REQUEST_GET) $originalUrl = $url; - // URL rewrite is disabled + // URL rewriting is disabled if (!$_CONF['url_rewrite']) { return $originalUrl; } @@ -213,7 +222,7 @@ public static function convertUrl($url, $requestMethod = self::HTTP_REQUEST_GET) } // Strip $url of $_CONF['site_url'] - $url = str_replace($_CONF['site_url'], '', $url); + $url = str_ireplace($_CONF['site_url'], '', $url); // Check for $requestMethod $requestMethod = intval($requestMethod, 10); @@ -261,17 +270,18 @@ public static function convertUrl($url, $requestMethod = self::HTTP_REQUEST_GET) } // Try comparison with placeholders - if (preg_match_all(self::PATTERN_PLACEHOLDER, $route, $matches, PREG_SET_ORDER)) { + if (preg_match_all(self::PLACEHOLDER_MATCH, $route, $matches, PREG_SET_ORDER)) { $placeHolders = array(); + // Escape '.', '?' and '+' in the route so that they can safely be used in a regular expression + $route = str_replace(array('.', '?', '+'), array('\.', '\?', '\+'), $route); + // Replace placeholders in a route with ones for regular expressions foreach ($matches as $match) { $placeHolders[] = $match[1]; - $route = str_replace($match[1], '([^/&=?#]+)', $route); + $route = str_replace($match[1], self::PLACEHOLDER_REPLACE, $route); } - // Escape a period and a question mark so that they can safely be used in a regular expression - $route = str_replace(array('.', '?'), array('\.', '\?'), $route); $route = '|\A' . $route . '\z|i'; if (!preg_match($route, $url, $values)) { @@ -281,7 +291,10 @@ public static function convertUrl($url, $requestMethod = self::HTTP_REQUEST_GET) array_shift($values); foreach ($values as $value) { - $value = urlencode($value); + if (preg_match(self::VALUE_MATCH, $value)) { + $value = urlencode($value); + } + $placeHolder = array_shift($placeHolders); $rule = str_replace($placeHolder, $value, $rule); }