Permalink
Browse files

Fix missing urlencod/urldecode in routing.

Named params and passed args should be urlencoded, as they
may contain non-ascii characters.

Refs GH-214
  • Loading branch information...
1 parent 66cf86c commit 92f9a6c1dbf4886dfc5d031cdd228969776dac00 @markstory markstory committed Oct 30, 2011
Showing with 12 additions and 6 deletions.
  1. +6 −6 lib/Cake/Routing/Route/CakeRoute.php
  2. +6 −0 lib/Cake/Test/Case/Routing/Route/CakeRouteTest.php
@@ -272,11 +272,11 @@ protected function _parseArgs($args, $context) {
$separatorIsPresent = strpos($param, $namedConfig['separator']) !== false;
if ((!isset($this->options['named']) || !empty($this->options['named'])) && $separatorIsPresent) {
list($key, $val) = explode($namedConfig['separator'], $param, 2);
- $val = urldecode($val);
+ $val = rawurldecode($val);
$hasRule = isset($rules[$key]);
$passIt = (!$hasRule && !$greedy) || ($hasRule && !$this->_matchNamed($val, $rules[$key], $context));
if ($passIt) {
- $pass[] = $param;
+ $pass[] = rawurldecode($param);
} else {
if (preg_match_all('/\[([A-Za-z0-9_-]+)?\]/', $key, $matches, PREG_SET_ORDER)) {
$matches = array_reverse($matches);
@@ -297,7 +297,7 @@ protected function _parseArgs($args, $context) {
$named = array_merge_recursive($named, array($key => $val));
}
} else {
- $pass[] = $param;
+ $pass[] = rawurldecode($param);
}
}
return array($pass, $named);
@@ -463,7 +463,7 @@ protected function _writeUrl($params) {
}
if (is_array($params['pass'])) {
- $params['pass'] = implode('/', $params['pass']);
+ $params['pass'] = implode('/', array_map('rawurlencode', $params['pass']));
}
$namedConfig = Router::namedConfig();
@@ -474,10 +474,10 @@ protected function _writeUrl($params) {
foreach ($params['named'] as $key => $value) {
if (is_array($value)) {
foreach ($value as $namedKey => $namedValue) {
- $named[] = $key . "[$namedKey]" . $separator . $namedValue;
+ $named[] = $key . "[$namedKey]" . $separator . rawurlencode($namedValue);
}
} else {
- $named[] = $key . $separator . $value;
+ $named[] = $key . $separator . rawurlencode($value);
}
}
$params['pass'] = $params['pass'] . '/' . implode('/', $named);
@@ -369,6 +369,8 @@ public function testMatchWithNamedParametersAndPassedArgs() {
$result = $route->match(array('controller' => 'posts', 'action' => 'view', 'plugin' => null, 5, 'page' => 1, 'limit' => 20, 'order' => 'title'));
$this->assertEqual($result, '/posts/view/5/page:1/limit:20/order:title');
+ $result = $route->match(array('controller' => 'posts', 'action' => 'view', 'plugin' => null, 'word space', 'order' => 'Θ'));
+ $this->assertEqual($result, '/posts/view/word%20space/order:%CE%98');
$route = new CakeRoute('/test2/*', array('controller' => 'pages', 'action' => 'display', 2));
$result = $route->match(array('controller' => 'pages', 'action' => 'display', 1));
@@ -395,6 +397,10 @@ public function testParseNamedParametersUrlDecode() {
$result = $route->parse('/posts/index/page[]:%CE%98');
$this->assertEquals('Θ', $result['named']['page'][0]);
+
+ $result = $route->parse('/posts/index/something%20else/page[]:%CE%98');
+ $this->assertEquals('Θ', $result['named']['page'][0]);
+ $this->assertEquals('something else', $result['pass'][0]);
}
/**

0 comments on commit 92f9a6c

Please sign in to comment.