8000 bug #17595 [HttpKernel] Remove _path from query parameters when fragm… · symfony/symfony@154eac7 · GitHub
[go: up one dir, main page]
Skip to content

Commit 154eac7

Browse files
fabpotfabpot
committed
bug #17595 [HttpKernel] Remove _path from query parameters when fragment is a subrequest (cmenning)
This PR was merged into the 2.3 branch. Discussion ---------- [HttpKernel] Remove _path from query parameters when fragment is a subrequest | Q | A | ------------- | --- | Bug fix? | Yes | New feature? | No | BC breaks? | No | Deprecations? | No | Tests pass? | Yes | Fixed tickets | | License | MIT | Doc PR | Prior to 2.3.29, all requests to the ESI fragment path ("/_fragment" by default) would have the "_path" query parameter removed. This held true whether an external proxy (such as Varnish) handled the request as true ESI, or whether the Symfony kernel was mocking ESI behavior and inlining the subrequest. Once the "_controller" check was added in 2.3.29, the "_path" query parameter was only removed on master requests (such as those coming from an external proxy) and not subrequests, leading to differing behavior in production and development settings. Commits ------- c374420 Remove _path from query parameters when fragment is a subrequest and request attributes are already set Added tests for _path removal in FragmentListener
2 parents 5b577dd + c374420 commit 154eac7

File tree

2 files changed

+33
-1
lines changed

2 files changed

+33
-1
lines changed

src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,14 @@ public function onKernelRequest(GetResponseEvent $event)
5858
{
5959
$request = $event->getRequest();
6060

61-
if ($request->attributes->has('_controller') || $this->fragmentPath !== rawurldecode($request->getPathInfo())) {
61+
if ($this->fragmentPath !== rawurldecode($request->getPathInfo())) {
62+
return;
63+
}
64+
65+
if ($request->attributes->has('_controller')) {
66+
// Is a sub-request: no need to parse _path but it should still be removed from query parameters as below.
67+
$request->query->remove('_path');
68+
6269
return;
6370
}
6471

src/Symfony/Component/HttpKernel/Tests/EventListener/FragmentListenerTest.php

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,31 @@ public function testWithSignature()
8989
$this->assertFalse($request->query->has('_path'));
9090
}
9191

92+
public function testRemovesPathWithControllerDefined()
93+
{
94+
$request = Request::create('http://example.com/_fragment?_path=foo%3Dbar%26_controller%3Dfoo');
95+
96+
$listener = new FragmentListener(new UriSigner('foo'));
97+
$event = $this->createGetResponseEvent($request, HttpKernelInterface::SUB_REQUEST);
98+
99+
$listener->onKernelRequest($event);
100+
101+
$this->assertFalse($request->query->has('_path'));
102+
}
103+
104+
public function testRemovesPathWithControllerNotDefined()
105+
{
106+
$signer = new UriSigner('foo');
107+
$request = Request::create($signer->sign('http://example.com/_fragment?_path=foo%3Dbar'), 'GET', array(), array(), array(), array('REMOTE_ADDR' => '10.0.0.1'));
108+
109+
$listener = new FragmentListener($signer);
110+
$event = $this->createGetResponseEvent($request);
111+
112+
$listener->onKernelRequest($event);
113+
114+
$this->assertFalse($request->query->has('_path'));
115+
}
116+
92117
private function createGetResponseEvent(Request $request, $requestType = HttpKernelInterface::MASTER_REQUEST)
93118
{
94119
return new GetResponseEvent($this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'), $request, $requestType);

0 commit comments

Comments
 (0)
0