From cf850c1a151bc67edf07166cfe3024a26fd0e8b8 Mon Sep 17 00:00:00 2001 From: Alexandre Quercia Date: Thu, 6 Dec 2018 19:19:56 +0100 Subject: [PATCH] [HttpFoundation] Fix request uri when it starts with double slashes --- .../Component/HttpFoundation/Request.php | 22 ++++++--- .../HttpFoundation/Tests/RequestTest.php | 49 +++++++++++++++++++ 2 files changed, 64 insertions(+), 7 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index 89611660add2..10687e35c901 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -1837,15 +1837,23 @@ protected function prepareRequestUri() } elseif ($this->server->has('REQUEST_URI')) { $requestUri = $this->server->get('REQUEST_URI'); - // HTTP proxy reqs setup request URI with scheme and host [and port] + the URL path, only use URL path - $uriComponents = parse_url($requestUri); + if ('' !== $requestUri && '/' === $requestUri[0]) { + // To only use path and query remove the fragment. + if (false !== $pos = strpos($requestUri, '#')) { + $requestUri = substr($requestUri, 0, $pos); + } + } else { + // HTTP proxy reqs setup request URI with scheme and host [and port] + the URL path, + // only use URL path. + $uriComponents = parse_url($requestUri); - if (isset($uriComponents['path'])) { - $requestUri = $uriComponents['path']; - } + if (isset($uriComponents['path'])) { + $requestUri = $uriComponents['path']; + } - if (isset($uriComponents['query'])) { - $requestUri .= '?'.$uriComponents['query']; + if (isset($uriComponents['query'])) { + $requestUri .= '?'.$uriComponents['query']; + } } } elseif ($this->server->has('ORIG_PATH_INFO')) { // IIS 5.0, PHP as CGI diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php index 539bb69cfb7c..f2c8f94f7723 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php @@ -283,6 +283,55 @@ public function testCreateWithRequestUri() $this->assertEquals('http://test.com/foo', $request->getUri()); } + /** + * @dataProvider getRequestUriData + */ + public function testGetRequestUri($serverRequestUri, $expected, $message) + { + $request = new Request(); + $request->server->add(array( + 'REQUEST_URI' => $serverRequestUri, + + // For having http://test.com + 'SERVER_NAME' => 'test.com', + 'SERVER_PORT' => 80, + )); + + $this->assertSame($expected, $request->getRequestUri(), $message); + $this->assertSame($expected, $request->server->get('REQUEST_URI'), 'Normalize the request URI.'); + } + + public function getRequestUriData() + { + $message = 'Do not modify the path.'; + yield array('/foo', '/foo', $message); + yield array('//bar/foo', '//bar/foo', $message); + yield array('///bar/foo', '///bar/foo', $message); + + $message = 'Handle when the scheme, host are on REQUEST_URI.'; + yield array('http://test.com/foo?bar=baz', '/foo?bar=baz', $message); + + $message = 'Handle when the scheme, host and port are on REQUEST_URI.'; + yield array('http://test.com:80/foo', '/foo', $message); + yield array('https://test.com:8080/foo', '/foo', $message); + yield array('https://test.com:443/foo', '/foo', $message); + + $message = 'Fragment should not be included in the URI'; + yield array('http://test.com/foo#bar', '/foo', $message); + yield array('/foo#bar', '/foo', $message); + } + + public function testGetRequestUriWithoutRequiredHeader() + { + $expected = ''; + + $request = new Request(); + + $message = 'Fallback to empty URI when headers are missing.'; + $this->assertSame($expected, $request->getRequestUri(), $message); + $this->assertSame($expected, $request->server->get('REQUEST_URI'), 'Normalize the request URI.'); + } + public function testCreateCheckPrecedence() { // server is used by default