8000 Correctly Render Signed URIs Containing Fragments · symfony/symfony@e4cfa4e · GitHub

Commit e4cfa4e

committed
Correctly Render Signed URIs Containing Fragments
Rebuild the URL with the computed hash instead of appending it onto the end of the fragment.
1 parent 44e9a91 commit e4cfa4e


5 files changed

+21
-8
lines changed


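--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/EsiFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/EsiFragmentRendererTest.php
@@ -72,7 +72,7 @@ public function testRenderControllerReference()
 $altReference = new ControllerReference('alt_controller', array(), array());
 
 $this->assertEquals(
-'<esi:include src="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller&_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D" alt="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller&_hash=iPJEdRoUpGrM1ztqByiorpfMPtiW%2FOWwdH1DBUXHhEc%3D" />',
+'<esi:include src="/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" alt="/_fragment?_hash=iPJEdRoUpGrM1ztqByiorpfMPtiW%2FOWwdH1DBUXHhEc%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller" />',
 $strategy->render($reference, $request, array('alt' => $altReference))->getContent()
 );
 }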

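--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php
@@ -32,7 +32,7 @@ public function testRenderWithControllerAndSigner()
 {
 $strategy = new HIncludeFragmentRenderer(null, new UriSigner('foo'));
 
-$this->assertEquals('<hx:include src="/_fragment?_path=_format%3Dhtml%26_locale%3Den%26_controller%3Dmain_controller&amp;_hash=BP%2BOzCD5MRUI%2BHJpgPDOmoju00FnzLhP3TGcSHbbBLs%3D"></hx:include>', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent());
+$this->assertEquals('<hx:include src="/_fragment?_hash=BP%2BOzCD5MRUI%2BHJpgPDOmoju00FnzLhP3TGcSHbbBLs%3D&amp;_path=_format%3Dhtml%26_locale%3Den%26_controller%3Dmain_controller"></hx:include>', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent());
 }
 
 public function testRenderWithUri()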

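--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/SsiFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/SsiFragmentRendererTest.php
@@ -51,7 +51,7 @@ public function testRenderControllerReference()
 $altReference = new ControllerReference('alt_controller', array(), array());
 
 $this->assertEquals(
-'<!--#include virtual="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller&_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D" -->',
+'<!--#include virtual="/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" -->',
 $strategy->render($reference, $request, array('alt' => $altReference))->getContent()
 );
 }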

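--- a/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
@@ -21,7 +21,8 @@ public function testSign()
 $signer = new UriSigner('foobar');
 
 $this->assertContains('?_hash=', $signer->sign('http://example.com/foo'));
-$this->assertContains('&_hash=', $signer->sign('http://example.com/foo?foo=bar'));
+$this->assertContains('?_hash=', $signer->sign('http://example.com/foo?foo=bar'));
+$this->assertContains('&foo=', $signer->sign('http://example.com/foo?foo=bar'));
 }
 
 public function testCheck()
@@ -45,7 +46,7 @@ public function testCheckWithDifferentArgSeparator()
 $signer = new UriSigner('foobar');
 
 $this->assertSame(
-'http://example.com/foo?baz=bay&foo=bar&_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D',
+'http://example.com/foo?_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D&baz=bay&foo=bar',
 $signer->sign('http://example.com/foo?foo=bar&baz=bay')
 );
 $this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
@@ -61,4 +62,15 @@ public function testCheckWithDifferentParameter()
 );
 $this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
 }
+
+public function testSignerWorksWithFragments()
+{
+$signer = new UriSigner('foobar');
+
+$this->assertSame(
+'http://example.com/foo?_hash=EhpAUyEobiM3QTrKxoLOtQq5IsWyWedoXDPqIjzNj5o%3D&bar=foo&foo=bar#foobar',
+$signer->sign('http://example.com/foo?bar=foo&foo=bar#foobar')
+);
+$this->assertTrue($signer->check($signer->sign('http://example.com/foo?bar=foo&foo=bar#foobar')));
+}
 }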
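Review bot: testSignerWorksWithFragments only feeds the output of sign() straight back into check() with the fragment intact, so it does not pin what check() returns for the URI a server actually receives, where the client has already dropped `#foobar`, nor for a URI whose fragment was changed after signing. Both cases deserve an explicit assertion with the intended result spelled out, for example `$this->assertFalse($signer->check(str_replace('#foobar', '#other', $signed)));` if the fragment is meant to be covered by the signature, with `$signed` holding the result of sign(). Which result is correct depends on whether buildUrl() puts the fragment into the string that is hashed, and buildUrl() is not visible on this page, so the expected values need confirming against it.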

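--- a/src/Symfony/Component/HttpKernel/UriSigner.php
+++ b/src/Symfony/Component/HttpKernel/UriSigner.php
@@ -51,8 +51,9 @@ public function sign($uri)
 }
 
 $uri = $this->buildUrl($url, $params);
+$params[$this->parameter] = $this->computeHash($uri);
 
-return $uri.(false === strpos($uri, '?') ? '?' : '&').$this->parameter.'='.$this->computeHash($uri);
+return $this->buildUrl($url, $params);
 }
 
 /**
@@ -75,15 +76,15 @@ public function check($uri)
 return false;
 }
 
-$hash = urlencode($params[$this->parameter]);
+$hash = $params[$this->parameter];
 unset($params[$this->parameter]);
 
 return $this->computeHash($this->buildUrl($url, $params)) === $hash;
 }
 
 private function computeHash($uri)
 {
-return urlencode(base64_encode(hash_hmac('sha256', $uri, $this->secret, true)));
+return base64_encode(hash_hmac('sha256', $uri, $this->secret, true));
 }
 
 private function buildUrl(array $url, array $params = array())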
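Review bot: The last line of check() still compares the recomputed HMAC with the request-supplied hash using `===`, which is not a constant-time comparison. Since this hunk already changes how `$hash` is read, it is the natural place to switch to `hash_equals()` where the supported PHP version provides it. With the `urlencode()` call removed, `$hash` is now the raw parsed query value and may be an array when the parameter is sent in `name[]=…` form, so the type should be checked first: `return is_string($hash) && hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);`. check() begins above the hunk and buildUrl()'s body is outside it, so how the query is parsed and whether the fragment is included in the signed string cannot be confirmed from these lines.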
