Issue mozfr#655: escape semi-colon in query string to make the url pa…

…rsable
pascalchevrel · Mar 2, 2016 · f964079 · f964079
1 parent 37f5199
commit f964079
Show file tree

Hide file tree

Showing 5 changed files with 295 additions and 2 deletions.
diff --git a/OAqq b/OAqq
@@ -0,0 +1,58 @@
+[1mdiff --git a/app/controllers/api.php b/app/controllers/api.php[m
+[1mindex e7e0bb4..9e43047 100644[m
+[1m--- a/app/controllers/api.php[m
+[1m+++ b/app/controllers/api.php[m
+[36m@@ -2,6 +2,7 @@[m
+ namespace Transvision;[m
+ [m
+ // Create our API object[m
+[32m+[m[32m// cli_dump('gg', $url);[m
+ $request = new API($url);[m
+ [m
+ // Check if valid API call[m
+[1mdiff --git a/app/inc/router.php b/app/inc/router.php[m
+[1mindex 81e4f22..d5a94f3 100644[m
+[1m--- a/app/inc/router.php[m
+[1m+++ b/app/inc/router.php[m
+[36m@@ -6,10 +6,14 @@[m
+     port definition. ex:[m
+     ?sourcelocale=en-US&locale=fr&repo=beta&search_type=entities&recherche=mail/chrome/messenger/mime.properties:1008[m
+ [m
+[31m-    That's why we escape the semicolon to %3A before parsing it.[m
+[32m+[m[32m    That's why we escape the semicolon to %3A before parsing it and then revert[m
+[32m+[m[32m    that change in the query variable created.[m
+ */[m
+[31m-$_SERVER['REQUEST_URI'] = str_replace(':', '%3A', $_SERVER['REQUEST_URI']);[m
+[31m-$url = parse_url($_SERVER['REQUEST_URI']);[m
+[32m+[m[32m$url = parse_url(str_replace(':', '%3A', $_SERVER['REQUEST_URI']));[m
+[32m+[m
+[32m+[m[32mif (isset($url['query'])) {[m
+[32m+[m[32m    $url['query'] = str_replace('%3A', ':', $url['query']);[m
+[32m+[m[32m}[m
+ [m
+ // Log any other case of URL not parsable that we don't know of yet.[m
+ if ($url === false) {[m
+[36m@@ -48,7 +52,7 @@[m [mif (! array_key_exists($url['path'], $urls) && ! $api_url) {[m
+ }[m
+ [m
+ // Always redirect to an url ending with slashes[m
+[31m-$temp_url = parse_url($_SERVER['REQUEST_URI']);[m
+[32m+[m[32m$temp_url = parse_url(str_replace(':', '%3A', $_SERVER['REQUEST_URI']));[m
+ if (substr($temp_url['path'], -1) != '/') {[m
+     unset($temp_url);[m
+     header('Location:/' . $url['path'] . '/');[m
+[1mdiff --git a/app/models/api/entity.php b/app/models/api/entity.php[m
+[1mindex 7699212..801d292 100644[m
+[1m--- a/app/models/api/entity.php[m
+[1m+++ b/app/models/api/entity.php[m
+[36m@@ -4,9 +4,9 @@[m [mnamespace Transvision;[m
+ use Cache\Cache;[m
+ [m
+ $cache_id = $repo . $entity . 'alllocales';[m
+[31m-[m
+ if (! $translations = Cache::getKey($cache_id)) {[m
+     $translations = [];[m
+[32m+[m[32m    cli_dump($entity);[m
+ [m
+     foreach (Project::getRepositoryLocales($repo) as $locale_code) {[m
+         $strings = Utils::getRepoStrings($locale_code, $repo);[m
diff --git a/PR623.diff b/PR623.diff
@@ -0,0 +1,55 @@
+diff --git a/app/classes/Transvision/Utils.php b/app/classes/Transvision/Utils.php
+index 1a6fe9b..6901f8d 100644
+--- a/app/classes/Transvision/Utils.php
++++ b/app/classes/Transvision/Utils.php
+@@ -435,10 +435,26 @@ class Utils
+      * This is used on views which also exist in our public API
+      * https://github.com/mozfr/transvision/wiki/JSON-API
+      *
+-     * @return string URL with 'json' appended as part of the query string
++     * @param  boolean $swap_locales Defaults to False. If set to True, swap the
++     *                               values of locale and source_locale parameters.
++     * @return string  URL with 'json' appended as part of the query string
+      */
+-    public static function redirectToAPI()
++    public static function redirectToAPI($swap_locales = false)
+     {
+-        return $_SERVER["REQUEST_URI"] . (is_null($_SERVER['QUERY_STRING']) ? '?json' : '&json');
++        if (! $swap_locales) {
++            return $_SERVER['REQUEST_URI'] . (is_null($_SERVER['QUERY_STRING']) ? '?json' : '&json');
++        }
++
++        // We are going to split and then rebuild QUERY_STRING
++        parse_str($_SERVER['QUERY_STRING'], $args);
++
++        // Swap the values of locale and sourcelocale when $swap_locales = true
++        list($args['locale'], $args['sourcelocale']) = [$args['sourcelocale'], $args['locale']];
++
++        return explode('?', $_SERVER['REQUEST_URI'])[0]
++             . '?'
++             // We don't want to encode slashes in searches for entity names
++             .  urldecode(http_build_query($args))
++             . '&json';
+     }
+ }
+diff --git a/tests/units/Transvision/Utils.php b/tests/units/Transvision/Utils.php
+index 63d7a42..0653a72 100644
+--- a/tests/units/Transvision/Utils.php
++++ b/tests/units/Transvision/Utils.php
+@@ -458,12 +458,12 @@ class Utils extends atoum\test
+     {
+         return [
+             [
+-                'http://transvision.mozfr.org/string/?entity=browser/chrome/browser/downloads/downloads.properties:stateStarting&repo=central',
+-                'http://transvision.mozfr.org/string/?entity=browser/chrome/browser/downloads/downloads.properties:stateStarting&repo=central&json',
++                '/string/?entity=browser/chrome/browser/downloads/downloads.properties:stateStarting&repo=central',
++                '/string/?entity=browser/chrome/browser/downloads/downloads.properties:stateStarting&repo=central&json',
+             ],
+             [
+-                'http://transvision.mozfr.org/api/v1/versions/',
+-                'http://transvision.mozfr.org/api/v1/versions/?json',
++                '/api/v1/versions/',
++                '/api/v1/versions/?json',
+             ],
+         ];
+     }
diff --git a/app/inc/router.php b/app/inc/router.php
@@ -1,6 +1,25 @@
 <?php
 
-$url  = parse_url($_SERVER['REQUEST_URI']);
+/*
+    In Transvision we can have queries with a semicolon and a number that lead
+    to URLs that parse_url() can't parse probably because it thinks that it is a
+    port definition. ex:
+    ?sourcelocale=en-US&locale=fr&repo=beta&search_type=entities&recherche=mail/chrome/messenger/mime.properties:1008
+
+    That's why we escape the semicolon to %3A before parsing it and then revert
+    that change in the query variable created.
+*/
+$url = parse_url(str_replace(':', '%3A', $_SERVER['REQUEST_URI']));
+
+if (isset($url['query'])) {
+    $url['query'] = str_replace('%3A', ':', $url['query']);
+}
+
+// Log any other case of URL not parsable that we don't know of yet.
+if ($url === false) {
+    error_log('app/inc/router.php: ' . $_SERVER['REQUEST_URI'] . ' is not parsable.');
+}
+
 $file = pathinfo($url['path']);
 
 // Real files and folders don't get pre-processed
@@ -33,7 +52,7 @@
 }
 
 // Always redirect to an url ending with slashes
-$temp_url = parse_url($_SERVER['REQUEST_URI']);
+$temp_url = parse_url(str_replace(':', '%3A', $_SERVER['REQUEST_URI']));
 if (substr($temp_url['path'], -1) != '/') {
     unset($temp_url);
     header('Location:/' . $url['path'] . '/');

diff --git a/headers.diff b/headers.diff
@@ -0,0 +1,154 @@
+diff --git a/app/classes/Transvision/Utils.php b/app/classes/Transvision/Utils.php
+index 951b835..9b1e3b3 100644
+--- a/app/classes/Transvision/Utils.php
++++ b/app/classes/Transvision/Utils.php
+@@ -348,23 +348,44 @@ class Utils
+      *
+      * @return void
+      */
+-    public static function logScriptPerformances()
++    public static function getScriptPerformances()
+     {
++        $memory_peak    = memory_get_peak_usage(true);
++        $memory_peak_MB = round((memory_get_peak_usage(true) / (1024 * 1024)), 2);
++        $render_time    = round((microtime(true) - $_SERVER['REQUEST_TIME_FLOAT']), 4);
++
++        return [$memory_peak, $memory_peak_MB, $render_time];
++    }
++
++    /**
++     * Utility function to log the memory used by a script
++     * and the time needed to generate the page
++     *
++     * @return void
++     */
++    public static function logScriptPerformances($data = false)
++    {
++        list($memory_peak, $memory_peak_MB, $render_time) = self::getScriptPerformances();
++
+         if (DEBUG && PERF_CHECK) {
+-            $memory = 'Memory peak: '
+-                      . memory_get_peak_usage(true)
+-                      . ' ('
+-                      . round((memory_get_peak_usage(true) / (1024 * 1024)), 2)
+-                      . 'MB)';
+-            $render_time = 'Elapsed time (s): '
+-                           . round((microtime(true) - $_SERVER['REQUEST_TIME_FLOAT']), 4);
+-            error_log($memory);
+-            error_log($render_time);
+-            header('Transvision-perf: ' . $memory . '; ' . $render_time);
++            error_log("Memory peak: {$memory_peak} ({$memory_peak_MB}MB)");
++            error_log("Elapsed time (s): {$render_time}");
+         }
+     }
+
+     /**
++     * Utility function to log the memory used by a script
++     * and the time needed to generate the page
++     *
++     * @return void
++     */
++    public static function outputPerfHeader()
++    {
++        list($memory_peak, $memory_peak_MB, $render_time) = self::getScriptPerformances();
++        header("Transvision-perf: {$memory_peak} ({$memory_peak_MB}MB) ; {$render_time}s");
++    }
++
++    /**
+      * Generate a red to green color from a numeric value
+      *
+      * @return the RGB values separated by a comma
+diff --git a/app/controllers/api.php b/app/controllers/api.php
+index 0102e81..e7e0bb4 100644
+--- a/app/controllers/api.php
++++ b/app/controllers/api.php
+@@ -8,6 +8,8 @@ $request = new API($url);
+ if (! $request->isValidRequest()) {
+     $json = $request->invalidAPICall();
+     include VIEWS . 'json.php';
++
++    return;
+ }
+
+ switch ($request->getService()) {
+diff --git a/app/inc/dispatcher.php b/app/inc/dispatcher.php
+index b7e2416..b91e22b 100644
+--- a/app/inc/dispatcher.php
++++ b/app/inc/dispatcher.php
+@@ -115,15 +115,27 @@ if ($template) {
+     $content = ob_get_contents();
+     ob_end_clean();
+
++    ob_start();
+     // display the page
+     require_once VIEWS . 'templates/base.php';
++    $content = ob_get_contents();
++    ob_end_clean();
+ } else {
++    ob_start();
+     if (isset($view)) {
+         include VIEWS . $view . '.php';
+     } else {
+         include CONTROLLERS . $controller . '.php';
+     }
++    $content = ob_get_contents();
++    ob_end_clean();
+ }
+-
+-// Log script performance in PHP integrated developement server console
++ob_start();
++Utils::outputPerfHeader();
++$perf_header = ob_get_contents();
+ Utils::logScriptPerformances();
++ob_end_clean();
++print $perf_header . $content;
++die;
++// Log script performance in PHP integrated developement server console
++
+diff --git a/app/views/json.php b/app/views/json.php
+index 8c47f9c..1bd94b9 100644
+--- a/app/views/json.php
++++ b/app/views/json.php
+@@ -12,7 +12,7 @@ Utils::logScriptPerformances();
+
+ // We die here because we never want to send anything more after the JSON file
+ $json_data = new Json;
+-die($json_data->outputContent(
++print $json_data->outputContent(
+     $json,
+     isset($_GET['callback']) ? $_GET['callback'] : false
+-));
++);
+diff --git a/app/views/templates/base.php b/app/views/templates/base.php
+index e284435..3815faa 100644
+--- a/app/views/templates/base.php
++++ b/app/views/templates/base.php
+@@ -1,8 +1,6 @@
+ <?php
+ namespace Transvision;
+
+-ob_start();
+-
+ $check['repo']  = isset($check['repo']) ? $check['repo'] : 'aurora';
+ $source_locale  = isset($source_locale) ? $source_locale : 'en-US';
+ $locale         = isset($locale) ? $locale : 'fr';
+@@ -64,7 +62,6 @@ if (file_exists(CACHE_PATH . 'lastdataupdate.txt')) {
+ } else {
+     $last_update = "<p>Data last updated: not available.</p>\n";
+ }
+-
+ ?>
+ <!doctype html>
+
+@@ -152,11 +149,3 @@ if (! LOCAL_DEV) {
+ ?>
+ </body>
+ </html>
+-
+-<?php
+-
+-$content = ob_get_contents();
+-
+-ob_end_clean();
+-
+-print $content;
diff --git a/transl.php b/transl.php
@@ -0,0 +1,7 @@
+<?php
+namespace Foo;
+
+$source = 'Завирите у будућност';
+$t = Transliterator::create('Serbian-Latin/BGN');
+print "Serbian (Cyrillic): $source <br>";
+print "Serbian (Latin): {$t->transliterate($source)}";