
[Security] fixed path info encoding (closes #6040, closes #5695)

1 parent 47dfb9c commit d6a402a28357e2018cedc1fae24f94309569edad @fabpot fabpot committed Dec 11, 2012
@@ -106,7 +106,7 @@ public function checkRequestPath(Request $request, $path)
}
}
- return $path === $request->getPathInfo();
+ return $path === rawurldecode($request->getPathInfo());
}
/**
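Review bot: The new `return` line decodes only the request side, so `$path` is now implicitly required to be in decoded form, and nothing visible in the hunk says so. A configured path that itself contains percent-escapes (for example `/foo%20bar`) can no longer match. I would add a comment above the return such as `// getPathInfo() is still percent-encoded; decode it exactly once and compare against the decoded $path`, and state the same expectation in the method's docblock. Whether route matching decodes the path the same way is not visible here and is worth confirming, because a mismatch would make this security check and the router disagree about which path was requested. The method body starts above the hunk.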
@@ -97,6 +97,11 @@ public function testCheckRequestPath()
$this->assertTrue($utils->checkRequestPath($this->getRequest(), '/'));
$this->assertFalse($utils->checkRequestPath($this->getRequest(), '/foo'));
+ $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo%20bar'), '/foo bar'));
+ // Plus must not decoded to space
+ $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo+bar'), '/foo+bar'));
+ // Checking unicode
+ $this->assertTrue($utils->checkRequestPath($this->getRequest(urlencode('/вход')), '/вход'));
$urlMatcher = $this->getMock('Symfony\Component\Routing\Matcher\UrlMatcherInterface');
$urlMatcher
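Review bot: The unicode assertion builds its request with `urlencode('/вход')`, which also escapes the leading slash to `%2F` (and would turn a space into `+`), so it additionally depends on an encoded slash being decoded rather than testing UTF-8 handling alone. Prefer `$this->getRequest('/'.rawurlencode('вход'))`, which mirrors the `rawurldecode()` under test. A negative case that pins single decoding would help too, e.g. `$this->assertFalse($utils->checkRequestPath($this->getRequest('/foo%2520bar'), '/foo bar'));`, assuming `getRequest()` (defined outside the hunk) passes the path through unchanged. The comment `// Plus must not decoded to space` is missing the word "be". The test method begins and ends outside the hunk.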
