ShopUrl: validate physical_uri and virtual_uri

physical_uri and virtual_uri are used to construct url for various assets. We need to ensure they contain valid values only. Related to thirtybees#774
eschiendorfer · Mar 23, 2022 · 73a084f · 73a084f
1 parent 3b87eb9
commit 73a084f
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 3 deletions.
diff --git a/classes/Validate.php b/classes/Validate.php
@@ -1201,6 +1201,21 @@ public static function isDirName($dir)
         return (bool) preg_match('/^[a-zA-Z0-9_.-]*$/', $dir);
     }
 
+    /**
+     * Check for standard uri path validity
+     *
+     * @param string $path path to validate
+     *
+     * @return bool Validity is ok or not
+     */
+    public static function isUriPath($path)
+    {
+        if (is_string($path)) {
+            return (bool) preg_match('/^[\/a-zA-Z0-9_.-]*$/', $path);
+        }
+        return false;
+    }
+
     /**
      * Check for admin panel tab name validity
      *

diff --git a/classes/shop/ShopUrl.php b/classes/shop/ShopUrl.php
@@ -67,8 +67,8 @@ class ShopUrlCore extends ObjectModel
             'id_shop'      => ['type' => self::TYPE_INT, 'validate' => 'isUnsignedInt', 'required' => true               ],
             'domain'       => ['type' => self::TYPE_STRING, 'validate' => 'isCleanHtml', 'required' => true, 'size' => 150],
             'domain_ssl'   => ['type' => self::TYPE_STRING, 'validate' => 'isCleanHtml', 'size' => 150, 'dbNullable' => false],
-            'physical_uri' => ['type' => self::TYPE_STRING, 'validate' => 'isString', 'size' => 64, 'dbNullable' => false],
-            'virtual_uri'  => ['type' => self::TYPE_STRING, 'validate' => 'isString', 'size' => 64, 'dbNullable' => false],
+            'physical_uri' => ['type' => self::TYPE_STRING, 'validate' => 'isUriPath', 'size' => 64, 'dbNullable' => false],
+            'virtual_uri'  => ['type' => self::TYPE_STRING, 'validate' => 'isUriPath', 'size' => 64, 'dbNullable' => false],
             'main'         => ['type' => self::TYPE_BOOL, 'validate' => 'isBool', 'dbType' => 'tinyint(1)', 'dbNullable' => false],
             'active'       => ['type' => self::TYPE_BOOL, 'validate' => 'isBool', 'dbType' => 'tinyint(1)', 'dbNullable' => false],
         ],

diff --git a/tests/unit/ValidateTest.php b/tests/unit/ValidateTest.php
@@ -396,8 +396,35 @@ public function isPriceProvider()
      *
      * @dataProvider isPriceProvider
      */
-    public function testisPrice($expected, $input)
+    public function testIsPrice($expected, $input)
     {
         $this->assertSame($expected, Validate::isPrice($input));
     }
+
+    public function isUriPathProvider()
+    {
+        return [
+            [true,  ""],
+            [true,  "/"],
+            [true,  "/a/b"],
+            [true,  "/a/b-c/d"],
+            [true, "6"],
+            [true, "//6/a"],
+            [false, 6],
+            [false, "a b"],
+            [true, 'a.b.c'],
+        ];
+    }
+
+    /**
+     * @param bool $expected
+     * @param string $input
+     *
+     * @dataProvider isUriPathProvider
+     * @throws PrestaShopException
+     */
+    public function testIsUriPathProvider($expected, $input)
+    {
+        $this->assertSame($expected, Validate::isUriPath($input));
+    }
 }