bug #17287 [HttpKernel] Forcing string comparison on query parameters sort in UriSigner (Tim van Densen)
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #17287).
Discussion
----------
[HttpKernel] Forcing string comparison on query parameters sort in UriSigner
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The signing of an url fails when using query parameters with integers as keys.
The ksort function in the ```UriSigner``` class changes the order of the query params and causes to generate a different hash which results in a failed check.
In this PR we force a string comparison for ksort which keeps the correct order of parameters.
Commits
-------
2040139
Added sort order SORT_STRING for params in UriSigner
This commit is contained in:
commit
5d63c554e8
@ -33,6 +33,7 @@ class UriSignerTest extends \PHPUnit_Framework_TestCase
|
|||||||
|
|
||||||
$this->assertTrue($signer->check($signer->sign('http://example.com/foo')));
|
$this->assertTrue($signer->check($signer->sign('http://example.com/foo')));
|
||||||
$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar')));
|
$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar')));
|
||||||
|
$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&0=integer')));
|
||||||
|
|
||||||
$this->assertTrue($signer->sign('http://example.com/foo?foo=bar&bar=foo') === $signer->sign('http://example.com/foo?bar=foo&foo=bar'));
|
$this->assertTrue($signer->sign('http://example.com/foo?foo=bar&bar=foo') === $signer->sign('http://example.com/foo?bar=foo&foo=bar'));
|
||||||
}
|
}
|
||||||
|
@ -91,8 +91,8 @@ class UriSigner
|
|||||||
|
|
||||||
private function buildUrl(array $url, array $params = array())
|
private function buildUrl(array $url, array $params = array())
|
||||||
{
|
{
|
||||||
ksort($params);
|
ksort($params, SORT_STRING);
|
||||||
$url['query'] = http_build_query($params);
|
$url['query'] = http_build_query($params, '', '&');
|
||||||
|
|
||||||
$scheme = isset($url['scheme']) ? $url['scheme'].'://' : '';
|
$scheme = isset($url['scheme']) ? $url['scheme'].'://' : '';
|
||||||
$host = isset($url['host']) ? $url['host'] : '';
|
$host = isset($url['host']) ? $url['host'] : '';
|
||||||
|
Reference in New Issue
Block a user