
Fix HttpSocket mishandling encoded URIs

The HTTP specs seem to indicate that the Location header should contain
an 'absoluteURI' which includes encoded data. In order to avoid
a regression with the issue fixed in b9ee4fc
we'll continue to replace `%2F` and no longer decode the entire URI.

Fixes #5076
markstory committed Nov 6, 2014
1 parent dac8b7b commit 6aaac6b7e2f5b71ce649df9a109f83d17b3eb61f
Showing with 4 additions and 3 deletions.
  1. +2 −1 lib/Cake/Network/Http/HttpSocket.php
  2. +2 −2 lib/Cake/Test/Case/Network/Http/HttpSocketTest.php
@@ -416,7 +416,8 @@ public function request($request = array()) {
}
if ($this->request['redirect'] && $this->response->isRedirect()) {
- $request['uri'] = trim(urldecode($this->response->getHeader('Location')), '=');
+ $location = trim($this->response->getHeader('Location'), '=');
+ $request['uri'] = str_replace('%2F', '/', $location);
$request['redirect'] = is_int($this->request['redirect']) ? $this->request['redirect'] - 1 : $this->request['redirect'];
$this->response = $this->request($request);
}
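Review bot: `str_replace('%2F', '/', $location)` is case-sensitive and runs over the whole Location value, so a lowercase `%2f` (equivalent under RFC 3986) is left untouched, while an encoded slash inside a path segment or the query string becomes a literal separator and may change which resource is requested. If the rewrite is only meant to repair the malformed authority/path boundary from the earlier fix, I would at least use `$request['uri'] = str_ireplace('%2F', '/', $location);` and add a comment such as `// Location is server-controlled; only %2F is normalised, the rest stays encoded`. The header value comes from the remote server and is passed straight back into `request()`; no scheme or host check is visible in this hunk, so callers that fetch untrusted URLs with `redirect` enabled presumably have to validate the target themselves, which is worth documenting. The body of `request()` starts and ends outside the hunk.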
@@ -786,7 +786,7 @@ public function testRequestWithRedirectUrlEncoded() {
'uri' => 'http://localhost/oneuri',
'redirect' => 1
);
- $serverResponse1 = "HTTP/1.x 302 Found\r\nDate: Mon, 16 Apr 2007 04:14:16 GMT\r\nServer: CakeHttp Server\r\nContent-Type: text/html\r\nLocation: http://i.cmpnet.com%2Ftechonline%2Fpdf%2Fa.pdf=\r\n\r\n";
+ $serverResponse1 = "HTTP/1.x 302 Found\r\nDate: Mon, 16 Apr 2007 04:14:16 GMT\r\nServer: CakeHttp Server\r\nContent-Type: text/html\r\nLocation: http://i.cmpnet.com%2Ftechonline%2Fpdf%2Fa+b.pdf=\r\n\r\n";
$serverResponse2 = "HTTP/1.x 200 OK\r\nDate: Mon, 16 Apr 2007 04:14:16 GMT\r\nServer: CakeHttp Server\r\nContent-Type: text/html\r\n\r\n<h1>You have been redirected</h1>";
$this->Socket->expects($this->at(1))
@@ -797,7 +797,7 @@ public function testRequestWithRedirectUrlEncoded() {
->method('write')
->with($this->logicalAnd(
$this->stringContains('Host: i.cmpnet.com'),
- $this->stringContains('GET /techonline/pdf/a.pdf')
+ $this->stringContains('GET /techonline/pdf/a+b.pdf')
));
$this->Socket->expects($this->at(4))
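Review bot: The updated fixture in `testRequestWithRedirectUrlEncoded` only asserts that a literal `+` survives; it contains no percent-encoded octet other than the uppercase `%2F`. The behaviour the commit message describes (the rest of the URI is no longer decoded) is therefore not pinned for sequences like `%20`, nor is the lowercase `%2f` form exercised. Consider extending the Location value to something like `...%2Fpdf%2Fa+b%20c.pdf=` (constructed sample) and expecting `$this->stringContains('GET /techonline/pdf/a+b%20c.pdf')`. The test method starts and ends outside these hunks.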
