Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge branch 'hotfix/2952'

Close #2952
  • Loading branch information...
commit 48d5c867e9446724e511e40729bc4904762e776a 2 parents a2bd499 + 025d365
@weierophinney weierophinney authored
View
4 library/Zend/Mvc/Router/Http/Regex.php
@@ -131,7 +131,7 @@ public function match(Request $request, $pathOffset = null)
if (is_numeric($key) || is_int($key) || $value === '') {
unset($matches[$key]);
} else {
- $matches[$key] = urldecode($value);
+ $matches[$key] = rawurldecode($value);
}
}
@@ -156,7 +156,7 @@ public function assemble(array $params = array(), array $options = array())
$spec = '%' . $key . '%';
if (strpos($url, $spec) !== false) {
- $url = str_replace($spec, urlencode($value), $url);
+ $url = str_replace($spec, rawurlencode($value), $url);
$this->assembledParams[] = $key;
}
View
12 library/Zend/Mvc/Router/Http/Segment.php
@@ -44,15 +44,15 @@ class Segment implements RouteInterface
'%28' => "(", // sub-delims
'%29' => ")", // sub-delims
'%2A' => "*", // sub-delims
-// '%2B' => "+", // sub-delims - special value for php/urlencode
+ '%2B' => "+", // sub-delims
'%2C' => ",", // sub-delims
-// '%2D' => "-", // unreserved - not touched by urlencode
-// '%2E' => ".", // unreserved - not touched by urlencode
+// '%2D' => "-", // unreserved - not touched by rawurlencode
+// '%2E' => ".", // unreserved - not touched by rawurlencode
'%3A' => ":", // pchar
'%3B' => ";", // sub-delims
'%3D' => "=", // sub-delims
'%40' => "@", // pchar
-// '%5F' => "_", // unreserved - not touched by urlencode
+// '%5F' => "_", // unreserved - not touched by rawurlencode
'%7E' => "~", // unreserved
);
@@ -408,7 +408,7 @@ public function getAssembledParams()
*/
private function encode($value)
{
- $encoded = urlencode($value);
+ $encoded = rawurlencode($value);
$encoded = strtr($encoded, static::$urlencodeCorrectionMap);
return $encoded;
}
@@ -421,6 +421,6 @@ private function encode($value)
*/
private function decode($value)
{
- return urldecode($value);
+ return rawurldecode($value);
}
}
View
6 library/Zend/Mvc/Router/Http/Wildcard.php
@@ -134,7 +134,7 @@ public function match(Request $request, $pathOffset = null)
for ($i = 1; $i < $count; $i += 2) {
if (isset($params[$i + 1])) {
- $matches[urldecode($params[$i])] = urldecode($params[$i + 1]);
+ $matches[rawurldecode($params[$i])] = rawurldecode($params[$i + 1]);
}
}
} else {
@@ -144,7 +144,7 @@ public function match(Request $request, $pathOffset = null)
$param = explode($this->keyValueDelimiter, $param, 2);
if (isset($param[1])) {
- $matches[urldecode($param[0])] = urldecode($param[1]);
+ $matches[rawurldecode($param[0])] = rawurldecode($param[1]);
}
}
}
@@ -168,7 +168,7 @@ public function assemble(array $params = array(), array $options = array())
if ($mergedParams) {
foreach ($mergedParams as $key => $value) {
- $elements[] = urlencode($key) . $this->keyValueDelimiter . urlencode($value);
+ $elements[] = rawurlencode($key) . $this->keyValueDelimiter . rawurlencode($value);
$this->assembledParams[] = $key;
}
View
28 tests/ZendTest/Mvc/Router/Http/RegexTest.php
@@ -53,7 +53,7 @@ public static function routeProvider()
),
'url-encoded-parameters-are-decoded' => array(
new Regex('/(?<foo>[^/]+)', '/%foo%'),
- '/foo+bar',
+ '/foo%20bar',
null,
array('foo' => 'foo bar')
),
@@ -148,4 +148,30 @@ public function testFactory()
)
);
}
+
+ public function testRawDecode()
+ {
+ // verify all characters which don't absolutely require encoding pass through match unchanged
+ // this includes every character other than #, %, / and ?
+ $raw = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`-=[]\\;\',.~!@$^&*()_+{}|:"<>';
+ $request = new Request();
+ $request->setUri('http://example.com/' . $raw);
+ $route = new Regex('/(?<foo>[^/]+)', '/%foo%');
+ $match = $route->match($request);
+
+ $this->assertSame($raw, $match->getParam('foo'));
+ }
+
+ public function testEncodedDecode()
+ {
+ // every character
+ $in = '%61%62%63%64%65%66%67%68%69%6a%6b%6c%6d%6e%6f%70%71%72%73%74%75%76%77%78%79%7a%41%42%43%44%45%46%47%48%49%4a%4b%4c%4d%4e%4f%50%51%52%53%54%55%56%57%58%59%5a%30%31%32%33%34%35%36%37%38%39%60%2d%3d%5b%5d%5c%3b%27%2c%2e%2f%7e%21%40%23%24%25%5e%26%2a%28%29%5f%2b%7b%7d%7c%3a%22%3c%3e%3f';
+ $out = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`-=[]\\;\',./~!@#$%^&*()_+{}|:"<>?';
+ $request = new Request();
+ $request->setUri('http://example.com/' . $in);
+ $route = new Regex('/(?<foo>[^/]+)', '/%foo%');
+ $match = $route->match($request);
+
+ $this->assertSame($out, $match->getParam('foo'));
+ }
}
View
32 tests/ZendTest/Mvc/Router/Http/SegmentTest.php
@@ -149,15 +149,15 @@ public static function routeProvider()
),
'url-encoded-parameters-are-decoded' => array(
new Segment('/:foo'),
- '/foo+bar',
+ '/foo%20bar',
null,
array('foo' => 'foo bar')
),
'urlencode-flaws-corrected' => array(
new Segment('/:foo'),
- "/!$&'()*,-.:;=@_~",
+ "/!$&'()*,-.:;=@_~+",
null,
- array('foo' => "!$&'()*,-.:;=@_~")
+ array('foo' => "!$&'()*,-.:;=@_~+")
),
'empty-matches-are-replaced-with-defaults' => array(
new Segment('/foo[/:bar]/baz-:baz', array(), array('bar' => 'bar')),
@@ -311,4 +311,30 @@ public function testFactory()
)
);
}
+
+ public function testRawDecode()
+ {
+ // verify all characters which don't absolutely require encoding pass through match unchanged
+ // this includes every character other than #, %, / and ?
+ $raw = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`-=[]\\;\',.~!@$^&*()_+{}|:"<>';
+ $request = new Request();
+ $request->setUri('http://example.com/' . $raw);
+ $route = new Segment('/:foo');
+ $match = $route->match($request);
+
+ $this->assertSame($raw, $match->getParam('foo'));
+ }
+
+ public function testEncodedDecode()
+ {
+ // every character
+ $in = '%61%62%63%64%65%66%67%68%69%6a%6b%6c%6d%6e%6f%70%71%72%73%74%75%76%77%78%79%7a%41%42%43%44%45%46%47%48%49%4a%4b%4c%4d%4e%4f%50%51%52%53%54%55%56%57%58%59%5a%30%31%32%33%34%35%36%37%38%39%60%2d%3d%5b%5d%5c%3b%27%2c%2e%2f%7e%21%40%23%24%25%5e%26%2a%28%29%5f%2b%7b%7d%7c%3a%22%3c%3e%3f';
+ $out = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`-=[]\\;\',./~!@#$%^&*()_+{}|:"<>?';
+ $request = new Request();
+ $request->setUri('http://example.com/' . $in);
+ $route = new Segment('/:foo');
+ $match = $route->match($request);
+
+ $this->assertSame($out, $match->getParam('foo'));
+ }
}
View
28 tests/ZendTest/Mvc/Router/Http/WildcardTest.php
@@ -78,7 +78,7 @@ public static function routeProvider()
),
'url-encoded-parameters-are-decoded' => array(
new Wildcard(),
- '/foo/foo+bar',
+ '/foo/foo%20bar',
null,
array('foo' => 'foo bar')
),
@@ -162,4 +162,30 @@ public function testFactory()
array()
);
}
+
+ public function testRawDecode()
+ {
+ // verify all characters which don't absolutely require encoding pass through match unchanged
+ // this includes every character other than #, %, / and ?
+ $raw = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`-=[]\\;\',.~!@$^&*()_+{}|:"<>';
+ $request = new Request();
+ $request->setUri('http://example.com/foo/' . $raw);
+ $route = new Wildcard();
+ $match = $route->match($request);
+
+ $this->assertSame($raw, $match->getParam('foo'));
+ }
+
+ public function testEncodedDecode()
+ {
+ // every character
+ $in = '%61%62%63%64%65%66%67%68%69%6a%6b%6c%6d%6e%6f%70%71%72%73%74%75%76%77%78%79%7a%41%42%43%44%45%46%47%48%49%4a%4b%4c%4d%4e%4f%50%51%52%53%54%55%56%57%58%59%5a%30%31%32%33%34%35%36%37%38%39%60%2d%3d%5b%5d%5c%3b%27%2c%2e%2f%7e%21%40%23%24%25%5e%26%2a%28%29%5f%2b%7b%7d%7c%3a%22%3c%3e%3f';
+ $out = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`-=[]\\;\',./~!@#$%^&*()_+{}|:"<>?';
+ $request = new Request();
+ $request->setUri('http://example.com/foo/' . $in);
+ $route = new Wildcard();
+ $match = $route->match($request);
+
+ $this->assertSame($out, $match->getParam('foo'));
+ }
}
Please sign in to comment.
Something went wrong with that request. Please try again.