diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Security] fixed path info encoding (closes #6040, closes #5695)

Browse Source
This commit is contained in:
Fabien Potencier 2012-12-11 10:40:14 +01:00
parent 47dfb9cb6a
commit d6a402a283
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/Security/Http/HttpUtils.php
View File

@ -106,7 +106,7 @@ class HttpUtils
}
}
return $path === $request->getPathInfo();
return $path === rawurldecode($request->getPathInfo());
}
/**

5
src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
View File

@ -97,6 +97,11 @@ class HttpUtilsTest extends \PHPUnit_Framework_TestCase
$this->assertTrue($utils->checkRequestPath($this->getRequest(), '/'));
$this->assertFalse($utils->checkRequestPath($this->getRequest(), '/foo'));
$this->assertTrue($utils->checkRequestPath($this->getRequest('/foo%20bar'), '/foo bar'));
// Plus must not decoded to space
$this->assertTrue($utils->checkRequestPath($this->getRequest('/foo+bar'), '/foo+bar'));
// Checking unicode
$this->assertTrue($utils->checkRequestPath($this->getRequest(urlencode('/вход')), '/вход'));
$urlMatcher = $this->getMock('Symfony\Component\Routing\Matcher\UrlMatcherInterface');
$urlMatcher