
Commit 482f49a

bug #29679 [HttpKernel] Correctly Render Signed URIs Containing Fragments (zanbaldwin)
This PR was merged into the 3.4 branch. Discussion ---------- [HttpKernel] Correctly Render Signed URIs Containing Fragments | Q | A | ------------- | --- | Branch? | `3.4` | Bug fix? | yes | New feature? | no | BC breaks? | no? | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a - Rebuild the URL with the computed hash instead of appending it onto the end of the fragment. - Update unit tests, and add new unit test to cover URIs that include fragments. Commits ------- b9ece6b [HttpKernel] Correctly Render Signed URIs Containing Fragments
2 parents 8555ffc + b9ece6b commit 482f49a


5 files changed

+21
-8
lines changed


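--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/EsiFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/EsiFragmentRendererTest.php
@@ -72,7 +72,7 @@ public function testRenderControllerReference()
 $altReference = new ControllerReference('alt_controller', array(), array());
 
 $this->assertEquals(
-'<esi:include src="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller&_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D" alt="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller&_hash=iPJEdRoUpGrM1ztqByiorpfMPtiW%2FOWwdH1DBUXHhEc%3D" />',
+'<esi:include src="/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" alt="/_fragment?_hash=iPJEdRoUpGrM1ztqByiorpfMPtiW%2FOWwdH1DBUXHhEc%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller" />',
 $strategy->render($reference, $request, array('alt' => $altReference))->getContent()
 );
 }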

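--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php
@@ -32,7 +32,7 @@ public function testRenderWithControllerAndSigner()
 {
 $strategy = new HIncludeFragmentRenderer(null, new UriSigner('foo'));
 
-$this->assertEquals('<hx:include src="/_fragment?_path=_format%3Dhtml%26_locale%3Den%26_controller%3Dmain_controller&amp;_hash=BP%2BOzCD5MRUI%2BHJpgPDOmoju00FnzLhP3TGcSHbbBLs%3D"></hx:include>', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent());
+$this->assertEquals('<hx:include src="/_fragment?_hash=BP%2BOzCD5MRUI%2BHJpgPDOmoju00FnzLhP3TGcSHbbBLs%3D&amp;_path=_format%3Dhtml%26_locale%3Den%26_controller%3Dmain_controller"></hx:include>', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent());
 }
 
 public function testRenderWithUri()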

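--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/SsiFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/SsiFragmentRendererTest.php
@@ -51,7 +51,7 @@ public function testRenderControllerReference()
 $altReference = new ControllerReference('alt_controller', array(), array());
 
 $this->assertEquals(
-'<!--#include virtual="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller&_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D" -->',
+'<!--#include virtual="/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" -->',
 $strategy->render($reference, $request, array('alt' => $altReference))->getContent()
 );
 }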

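--- a/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
@@ -21,7 +21,8 @@ public function testSign()
 $signer = new UriSigner('foobar');
 
 $this->assertContains('?_hash=', $signer->sign('http://example.com/foo'));
-$this->assertContains('&_hash=', $signer->sign('http://example.com/foo?foo=bar'));
+$this->assertContains('?_hash=', $signer->sign('http://example.com/foo?foo=bar'));
+$this->assertContains('&foo=', $signer->sign('http://example.com/foo?foo=bar'));
 }
 
 public function testCheck()
@@ -45,7 +46,7 @@ public function testCheckWithDifferentArgSeparator()
 $signer = new UriSigner('foobar');
 
 $this->assertSame(
-'http://example.com/foo?baz=bay&foo=bar&_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D',
+'http://example.com/foo?_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D&baz=bay&foo=bar',
 $signer->sign('http://example.com/foo?foo=bar&baz=bay')
 );
 $this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
@@ -61,4 +62,15 @@ public function testCheckWithDifferentParameter()
 );
 $this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
 }
+
+public function testSignerWorksWithFragments()
+{
+$signer = new UriSigner('foobar');
+
+$this->assertSame(
+'http://example.com/foo?_hash=EhpAUyEobiM3QTrKxoLOtQq5IsWyWedoXDPqIjzNj5o%3D&bar=foo&foo=bar#foobar',
+$signer->sign('http://example.com/foo?bar=foo&foo=bar#foobar')
+);
+$this->assertTrue($signer->check($signer->sign('http://example.com/foo?bar=foo&foo=bar#foobar')));
+}
 }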
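Review bot: testSignerWorksWithFragments asserts only the positive round trip, so it would still pass if check() stopped validating the query string once a fragment is present. Add a negative case next to the final assertTrue, for example `$this->assertFalse($signer->check('http://example.com/foo?_hash=EhpAUyEobiM3QTrKxoLOtQq5IsWyWedoXDPqIjzNj5o%3D&bar=foo&foo=baz#foobar'));`, which keeps the hash from the expected string and changes only `foo`. A short comment stating whether the fragment itself is meant to be covered by the signature would also help, since the test does not pin that either way.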

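--- a/src/Symfony/Component/HttpKernel/UriSigner.php
+++ b/src/Symfony/Component/HttpKernel/UriSigner.php
@@ -51,8 +51,9 @@ public function sign($uri)
 }
 
 $uri = $this->buildUrl($url, $params);
+$params[$this->parameter] = $this->computeHash($uri);
 
-return $uri.(false === strpos($uri, '?') ? '?' : '&').$this->parameter.'='.$this->computeHash($uri);
+return $this->buildUrl($url, $params);
 }
 
 /**
@@ -75,15 +76,15 @@ public function check($uri)
 return false;
 }
 
-$hash = urlencode($params[$this->parameter]);
+$hash = $params[$this->parameter];
 unset($params[$this->parameter]);
 
 return $this->computeHash($this->buildUrl($url, $params)) === $hash;
 }
 
 private function computeHash($uri)
 {
-return urlencode(base64_encode(hash_hmac('sha256', $uri, $this->secret, true)));
+return base64_encode(hash_hmac('sha256', $uri, $this->secret, true));
 }
 
 private function buildUrl(array $url, array $params = array())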
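Review bot: check() still compares the recomputed HMAC with the request-supplied value using `===` (the `return $this->computeHash($this->buildUrl($url, $params)) === $hash;` line in the second hunk), which is not a constant-time comparison for a secret-derived value. Since `$hash` is now the raw parameter value, the line could become `return is_string($hash) && hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);`. The `is_string` guard matters if `$params` comes from query-string parsing, where an array-style `_hash[]=` parameter would yield a non-string. That parsing is outside the hunk, so confirm it. `hash_equals()` needs PHP 5.6 or a polyfill, so check it against the minimum PHP version this branch supports.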
