
[WIP][RFC] Keep 'old' render behavior. Sign _internal urls instead.

commit a564c1e13eed42b30445d8f322d6d7d827dbd2a4 1 parent d4d4973
@asm89 authored
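--- a/src/Symfony/Bundle/FrameworkBundle/Controller/InternalController.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Controller/InternalController.php
@@ -61,6 +61,11 @@ public function indexAction($path, $controller)
 }
 $request = $this->container->get('request');
+
+ if (!$this->container->get('routing.url_signer')->verify($request->getUri())) {
+ throw new \RuntimeException('Invalid url signature.');
+ }
+
 $attributes = $request->attributes;
 $attributes->remove('path');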
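Review bot: The added check verifies `$request->getUri()`, but the string signed in `HttpKernel::generateInternalUri()` is the output of `router->generate('_internal', …)` plus the appended query string, which is presumably a path-only URI. `Request::getUri()` rebuilds an absolute URI with scheme, host and a normalized query string, so once `UrlSigner` computes a real MAC the two strings will not match unless both sides canonicalise the URL the same way. The commit should settle on one representation that is both signed and verified. A failed check also throws a bare `\RuntimeException`, which surfaces as a 500; `throw new AccessDeniedHttpException('Invalid url signature.');` would let operators tell rejected signatures from server faults. `indexAction` starts and ends outside this hunk.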
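--- a/src/Symfony/Bundle/FrameworkBundle/HttpKernel.php
+++ b/src/Symfony/Bundle/FrameworkBundle/HttpKernel.php
@@ -130,25 +130,6 @@ public function render($controller, array $options = array())
 return $this->container->get('esi')->renderIncludeTag($uri, $alt, $options['ignore_errors'], $options['comment']);
 }
- if ('js' === $options['standalone']) {
- $uri = $this->generateInternalUri($controller, $options['attributes'], $options['query'], false);
- $defaultContent = null;
-
- $templating = $this->container->get('templating');
-
- if ($options['default']) {
- if ($templating->exists($options['default'])) {
- $defaultContent = $templating->render($options['default']);
- } else {
- $defaultContent = $options['default'];
- }
- } elseif ($template = $this->container->getParameter('templating.hinclude.default_template')) {
- $defaultContent = $templating->render($template);
- }
-
- return $this->renderHIncludeTag($uri, $defaultContent);
- }
-
 $request = $this->container->get('request');
 // controller or URI or path?
@@ -216,18 +197,17 @@ public function render($controller, array $options = array())
 * @param string $controller A controller name to execute (a string like BlogBundle:Post:index), or a relative URI
 * @param array $attributes An array of request attributes
 * @param array $query An array of request query parameters
- * @param boolean $secure
 *
 * @return string An internal URI
 */
- public function generateInternalUri($controller, array $attributes = array(), array $query = array(), $secure = true)
+ public function generateInternalUri($controller, array $attributes = array(), array $query = array())
 {
 if (0 === strpos($controller, '/')) {
 return $controller;
 }
 $path = http_build_query($attributes, '', '&');
- $uri = $this->container->get('router')->generate($secure ? '_internal' : '_internal_public', array(
+ $uri = $this->container->get('router')->generate('_internal', array(
 'controller' => $controller,
 'path' => $path ?: 'none',
 '_format' => $this->container->get('request')->getRequestFormat(),
@@ -237,20 +217,7 @@ public function generateInternalUri($controller, array $attributes = array(), ar
 $uri .= '?'.$queryString;
 }
- return $uri;
- }
-
- /**
- * Renders an HInclude tag.
- *
- * @param string $uri A URI
- * @param string $defaultContent Default content
- *
- * @return string
- */
- public function renderHIncludeTag($uri, $defaultContent = null)
- {
- return sprintf('<hx:include src="%s">%s</hx:include>', $uri, $defaultContent);
+ return $this->container->get('routing.url_signer')->sign($uri);
 }
 public function hasEsiSupport()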
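Review bot: In `generateInternalUri()` the early `return $controller;` for values starting with `/` still hands back an unsigned URI, while every other path now ends in `routing.url_signer->sign($uri)`. If a caller passes an explicit path that resolves to the `_internal` route, `InternalController::indexAction` will reject it once verification is real, so either sign on that branch too or document that explicit paths are never treated as internal. The docblock should reflect the new contract, e.g. `@return string A signed internal URI`. Dropping the `$secure` parameter and the public `renderHIncludeTag()` also changes the class's public API and deserves a line in the upgrade notes.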
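--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/esi.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/esi.xml
@@ -7,6 +7,7 @@
 <parameters>
 <parameter key="esi.class">Symfony\Component\HttpKernel\HttpCache\Esi</parameter>
 <parameter key="esi_listener.class">Symfony\Component\HttpKernel\EventListener\EsiListener</parameter>
+ <parameter key="routing.url_signer.class">Symfony\Bundle\FrameworkBundle\Routing\UrlSigner</parameter>
 </parameters>
 <services>
@@ -16,5 +17,9 @@
 <tag name="kernel.event_subscriber" />
 <argument type="service" id="esi" on-invalid="ignore" />
 </service>
+
+ <service id="routing.url_signer" class="%routing.url_signer.class%">
+ <argument>%kernel.secret%</argument>
+ </service>
 </services>
 </container>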
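Review bot: `routing.url_signer` is defined in `esi.xml`, yet `InternalController::indexAction` and `HttpKernel::generateInternalUri()` fetch it unconditionally. If this file is only loaded when ESI is enabled (not visible here), installations without ESI would fail with a missing-service error on every internal render, so the definition probably belongs in a config file that is always loaded. Since the signer is keyed with `%kernel.secret%`, a comment on the service would also help: `<!-- kernel.secret keys the URL signature; it must be non-empty and unique per installation -->`.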
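--- a/src/Symfony/Bundle/FrameworkBundle/Routing/UrlSigner.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Routing/UrlSigner.php
@@ -0,0 +1,52 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Routing;
+
+/**
+ * Signs and verifies signed urls.
+ *
+ * @author Alexander <iam.asm89@gmail.com>
+ */
+class UrlSigner
+{
+ private $secret;
+
+ /**
+ * @param string $secret
+ */
+ public function __construct($secret)
+ {
+ $this->secret = $secret;
+ }
+
+ /**
+ * @param string $url
+ *
+ * @return string Signed url.
+ */
+ public function sign($url)
+ {
+ // todo: actually sign the url
+ return $url;
+ }
+
+ /**
+ * @param string $url
+ *
+ * @return boolean
+ */
+ public function verify($url)
+ {
+ // todo: actually verify the signed url
+ return true;
+ }
+}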
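Review bot: `verify()` returns `true` for every input and `sign()` returns the URL unchanged, so the check added in `InternalController::indexAction` accepts any request, while the same commit removes the `_internal`/`_internal_public` split in `HttpKernel`. Until the TODOs are filled in, the stub should fail closed (`return false;`) or the service should not be wired in. A keyed MAC over the URL with a constant-time comparison is sketched below; the `_hash` parameter name is a placeholder, and the sketch assumes the signature stays the last query parameter. The constructor should also reject an empty `$secret` rather than sign with an empty key.

```php
// … unchanged: file header, namespace, class docblock, $secret property, constructor …

    public function sign($url)
    {
        // Append the MAC as the final query parameter so verify() can strip it off again.
        $separator = false === strpos($url, '?') ? '?' : '&';

        return $url.$separator.'_hash='.$this->computeHash($url);
    }

    public function verify($url)
    {
        // Anything that does not end in a well-formed signature is rejected outright.
        if (!preg_match('/^(.+)[?&]_hash=([0-9a-f]{64})\z/s', $url, $matches)) {
            return false;
        }

        // hash_equals() needs PHP 5.6+; on older runtimes use a constant-time comparison helper instead of ===.
        return hash_equals($this->computeHash($matches[1]), $matches[2]);
    }

    private function computeHash($url)
    {
        return hash_hmac('sha256', $url, $this->secret);
    }
```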
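--- a/src/Symfony/Bundle/FrameworkBundle/Tests/HttpKernelTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/HttpKernelTest.php
@@ -120,6 +120,10 @@ public function testGenerateInternalUriHandlesNullValues()
 {
 $request = new Request();
+ $urlSigner = $this->getMockBuilder('Symfony\\Bundle\\FrameworkBundle\\Routing\\UrlSigner')
+ ->disableOriginalConstructor()
+ ->getMock();
+
 $router = $this->getMock('Symfony\\Component\\Routing\\RouterInterface');
 $container = $this->getMock('Symfony\\Component\\DependencyInjection\\ContainerInterface');
 $container
@@ -134,6 +138,12 @@ public function testGenerateInternalUriHandlesNullValues()
 ->with($this->equalTo('request'))
 ->will($this->returnValue($request))
 ;
+ $container
+ ->expects($this->at(2))
+ ->method('get')
+ ->with($this->equalTo('routing.url_signer'))
+ ->will($this->returnValue($urlSigner))
+ ;
 $controller = 'AController';
 $attributes = array('anAttribute' => null);
@@ -149,12 +159,19 @@ public function testGenerateInternalUriHandlesNullValues()
 ->will($this->returnValue('GENERATED_URI'))
 ;
+ $urlSigner
+ ->expects($this->once())
+ ->method('sign')
+ ->with($this->equalTo('GENERATED_URI'))
+ ->will($this->returnValue('SIGNED_GENERATED_URI'))
+ ;
+
 $dispatcher = new EventDispatcher();
 $resolver = $this->getMock('Symfony\\Component\\HttpKernel\\Controller\\ControllerResolverInterface');
 $kernel = new HttpKernel($dispatcher, $container, $resolver);
 $uri = $kernel->generateInternalUri($controller, $attributes, $query);
- $this->assertEquals('GENERATED_URI', $uri);
+ $this->assertEquals('SIGNED_GENERATED_URI', $uri);
 }
 public function getProviderTypes()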
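Review bot: The test replaces `UrlSigner` with a mock, so nothing in this commit exercises a rejected signature: there is no test for `UrlSigner::verify()` returning `false` and none for `InternalController::indexAction` throwing when it does. The `expects($this->at(2))` expectation also ties the test to the exact order of `container->get()` calls, so any extra lookup inside `generateInternalUri()` will break it for reasons unrelated to signing; dispatching on the service id with `returnValueMap` or a callback would be sturdier. `testGenerateInternalUriHandlesNullValues` begins before the first hunk shown here.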