
[Security] fixed path info encoding (closes #6040, closes #5695)

commit 547b1b0225cd1d9561f370a7efd4b76f0f9260f3 1 parent a24042b
Fabien Potencier fabpot authored
Showing with 6 additions and 1 deletion.
  1. +1 −1  Http/HttpUtils.php
  2. +5 −0 Tests/Http/HttpUtilsTest.php
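--- a/Http/HttpUtils.php
+++ b/Http/HttpUtils.php
@@ -106,7 +106,7 @@ public function checkRequestPath(Request $request, $path)
 }
 }
- return $path === $request->getPathInfo();
+ return $path === rawurldecode($request->getPathInfo());
 }
 /**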
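Review bot: The new `return` line carries no comment saying why `rawurldecode()` is used or that the path is decoded exactly once, which is the security-relevant property of this comparison. I would add above it `// Decode once before comparing so an encoded form of a check path still matches; rawurldecode() keeps '+' literal, unlike urldecode().` The body of checkRequestPath() starts above the hunk, so the branch that closes just before this line is not visible. If that branch hands `$request->getPathInfo()` to a matcher, it should see the path decoded the same way, otherwise the path check and route matching can disagree on which path was requested.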
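--- a/Tests/Http/HttpUtilsTest.php
+++ b/Tests/Http/HttpUtilsTest.php
@@ -97,6 +97,11 @@ public function testCheckRequestPath()
 $this->assertTrue($utils->checkRequestPath($this->getRequest(), '/'));
 $this->assertFalse($utils->checkRequestPath($this->getRequest(), '/foo'));
+ $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo%20bar'), '/foo bar'));
+ // Plus must not decoded to space
+ $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo+bar'), '/foo+bar'));
+ // Checking unicode
+ $this->assertTrue($utils->checkRequestPath($this->getRequest(urlencode('/вход')), '/вход'));
 $urlMatcher = $this->getMock('Symfony\Component\Routing\Matcher\UrlMatcherInterface');
 $urlMatcher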
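Review bot: The added assertions only cover paths that should match, so nothing pins the decode-once behaviour against a doubly encoded path. I would add a negative case such as `$this->assertFalse($utils->checkRequestPath($this->getRequest('/foo%2520bar'), '/foo bar'));`, assuming getRequest() passes the path through unchanged as the `%20` case suggests. The unicode case builds its path with `urlencode('/вход')`, which also encodes the leading slash; `'/'.rawurlencode('вход')` would keep the path well-formed and use the encoder that pairs with `rawurldecode()`. testCheckRequestPath() starts above the hunk and continues past it.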