merged branch Tobion/apache-pathinfo (PR #7656)

This PR was merged into the 2.1 branch.

Discussion
----------

[HttpFoundation] do not use server variable PATH_INFO

because it is already decoded (see http://www.ietf.org/rfc/rfc3875) and thus Symfony is fragile to double encoding of the path. This is not really a security issue (in contrast to a [previous problem](http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released)) but when using the ApacheRequest, one could access pages with double-encoded characters although the path should not match.

BC break: no
tests pass: yes

Commits
-------

d552e4c [HttpFoundation] do not use server variable PATH_INFO because it is already decoded and thus symfony is fragile to double encoding of the path
Fabien Potencier 2013-04-12 17:12:59 +02:00
commit ff56a9e8a3

@ -40,12 +40,4 @@ class ApacheRequest extends Request
return $baseUrl;
}
/**
* {@inheritdoc}
*/
protected function preparePathInfo()
{
return $this->server->get('PATH_INFO') ?: substr($this->prepareRequestUri(), strlen($this->prepareBaseUrl())) ?: '/';
}
}
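
Review bot: the removal of the `preparePathInfo()` override at the end of `ApacheRequest` is not accompanied by a regression test in the visible hunk, so nothing pins the behaviour the commit message describes. Consider adding a test that builds an `ApacheRequest` whose request URI contains a double-encoded segment while the `PATH_INFO` server value holds the decoded form, and asserts that the path info is derived from the request URI and stays encoded. A one-line comment in the class stating that `PATH_INFO` is deliberately not read because the server has already decoded it would also help keep `$this->server->get('PATH_INFO')` from being reintroduced later as a shortcut.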