Remove invalid characters from REQUEST_URI

This commit is contained in:
Kijin Sung 2018-07-31 19:08:02 +09:00
parent b62a1322c9
commit 109203d12b
3 changed files with 11 additions and 3 deletions


@ -18,7 +18,8 @@ class URL
*/ */
public static function getCurrentURL(array $changes = array()) public static function getCurrentURL(array $changes = array())
{ {
$url = self::getCurrentDomainURL(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/'); $request_uri = preg_replace('/[<>"]/', '', isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/');
$url = self::getCurrentDomainURL($request_uri);
if (count($changes)) if (count($changes))
{ {
return self::modifyURL($url, $changes); return self::modifyURL($url, $changes);
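Review bot: The character class at L15 is a blacklist, so a single quote, backtick, whitespace and control bytes still pass through unchanged; stripping `<>"` only stops a raw double-quoted HTML attribute break-out, and the value returned by getCurrentURL still has to be escaped per output context (attribute, JavaScript, header) by the caller. That intent is worth stating in the code so nobody treats the result as pre-escaped: `// Drop <, > and " so the URL cannot close an HTML attribute; this is not a substitute for escaping at output time.` If any caller emits the URL inside a single-quoted attribute, consider widening the class to `'/[<>"\'\x00-\x1F\x7F]/'` as well. Note the filter silently rewrites rather than rejects (`foo="bar"` becomes `foo=bar`), which the new tests rely on.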


@ -917,7 +917,7 @@ function getScriptPath()
*/ */
function getRequestUriByServerEnviroment() function getRequestUriByServerEnviroment()
{ {
return escape($_SERVER['REQUEST_URI']); return preg_replace('/[<>"]/', '', $_SERVER['REQUEST_URI']);
} }
/** /**
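Review bot: The replaced line at L27 drops the HTML encoding that `escape()` used to apply, so `&` and `'` now reach callers raw; any call site that echoed this return value directly into HTML or a script block without further escaping now needs its own escaping, which this commit does not audit. Separately, unlike the sibling change at L15 this function reads `$_SERVER['REQUEST_URI']` without an `isset` guard, so a CLI or unusual SAPI run yields an undefined-index notice and a `preg_replace` on null; mirroring the URL class keeps the two consistent: `return preg_replace('/[<>"]/', '', isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/');`.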


@ -9,7 +9,7 @@ class URLTest extends \Codeception\TestCase\Test
// Getting the current URL // Getting the current URL
$this->assertEquals('https://www.rhymix.org/rhymix/index.php?foo=bar&xe=sucks', Rhymix\Framework\URL::getCurrentURL()); $this->assertEquals('https://www.rhymix.org/rhymix/index.php?foo=bar&xe=sucks', Rhymix\Framework\URL::getCurrentURL());
// Adding items to the query string // Adding items to the query string
$this->assertEquals('https://www.rhymix.org/rhymix/index.php?foo=bar&xe=sucks&var=1&arr%5B0%5D=2&arr%5B1%5D=3', Rhymix\Framework\URL::getCurrentURL(array('var' => '1', 'arr' => array(2, 3)))); $this->assertEquals('https://www.rhymix.org/rhymix/index.php?foo=bar&xe=sucks&var=1&arr%5B0%5D=2&arr%5B1%5D=3', Rhymix\Framework\URL::getCurrentURL(array('var' => '1', 'arr' => array(2, 3))));
@ -22,6 +22,13 @@ class URLTest extends \Codeception\TestCase\Test
// Adding and removing parameters at the same time // Adding and removing parameters at the same time
$this->assertEquals('https://www.rhymix.org/rhymix/index.php?xe=sucks&l=ko', Rhymix\Framework\URL::getCurrentURL(array('l' => 'ko', 'foo' => null))); $this->assertEquals('https://www.rhymix.org/rhymix/index.php?xe=sucks&l=ko', Rhymix\Framework\URL::getCurrentURL(array('l' => 'ko', 'foo' => null)));
// Removing invalid characters in the current URL
$_SERVER['REQUEST_URI'] = '/rhymix/?foo="bar"';
$this->assertEquals('https://www.rhymix.org/rhymix/?foo=bar', Rhymix\Framework\URL::getCurrentURL());
$_SERVER['REQUEST_URI'] = '/rhymix/?foo=<bar&baz=rhymix>';
$this->assertEquals('https://www.rhymix.org/rhymix/?foo=bar&baz=rhymix', Rhymix\Framework\URL::getCurrentURL());
$this->assertEquals('https://www.rhymix.org/rhymix/?baz=rhymix&l=ko', Rhymix\Framework\URL::getCurrentURL(array('l' => 'ko', 'foo' => null)));
$_SERVER['REQUEST_URI'] = $old_request_uri; $_SERVER['REQUEST_URI'] = $old_request_uri;
} }
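Review bot: The new assertions at L42-L46 only pin the three characters that are stripped, not the ones the filter deliberately lets through, so a later tightening or loosening of the regex (for example adding `'`) would go unnoticed here. A case such as `$_SERVER['REQUEST_URI'] = "/rhymix/?foo='bar'&baz=%3C";` asserting that the result keeps `foo='bar'&baz=%3C` intact would document that contract, assuming getCurrentURL passes an already-encoded query through unchanged as the earlier assertions suggest. Also, the restore at L47 is skipped when an assertion fails, leaking the altered `REQUEST_URI` into later tests; restoring it in tearDown would be more robust. The hunk counts suggest some blank lines were dropped in rendering, so the method may have lines not visible here.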