in case uri and script name don't match we better throw an exception

Thomas Müller 2013-11-25 14:42:34 +01:00
parent a0a665ea45
commit b9fed935b4
2 changed files with 32 additions and 2 deletions


@ -138,8 +138,16 @@ class OC_Request {
public static function getRawPathInfo() {
$requestUri = $_SERVER['REQUEST_URI'];
// remove too many leading slashes - can be caused by reverse proxy configuration
$requestUri = '/' . ltrim($requestUri, '/');
$path_info = substr($requestUri, strlen($_SERVER['SCRIPT_NAME']));
if (strpos($requestUri, '/') === 0) {
$requestUri = '/' . ltrim($requestUri, '/');
}
$scriptName = $_SERVER['SCRIPT_NAME'];
// in case uri and script name don't match we better throw an exception
if (strpos($requestUri, $scriptName) !== 0) {
throw new Exception("REQUEST_URI($requestUri) does not start with the SCRIPT_NAME($scriptName)");
}
$path_info = substr($requestUri, strlen($scriptName));
// Remove the query string from REQUEST_URI
if ($pos = strpos($path_info, '?')) {
$path_info = substr($path_info, 0, $pos);
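Review bot: The new guard `strpos($requestUri, $scriptName) !== 0` is a plain string-prefix test, so a REQUEST_URI such as `/index.phpfoo/bar` (constructed example) still passes against SCRIPT_NAME `/index.php`, and `substr()` then yields a path info with no leading slash. After the prefix check, the character following the script name should be `/`, `?` or the end of the string, e.g. `$next = substr($requestUri, strlen($scriptName), 1);` followed by `if ($next !== false && $next !== '' && $next !== '/' && $next !== '?') { throw ... }`. The exception message also embeds the raw, client-supplied REQUEST_URI, so whichever handler logs or renders it has to escape it for that context; that handler is not visible in this hunk. getRawPathInfo() continues past the end of the hunk.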


@ -39,8 +39,30 @@ class Test_Request extends PHPUnit_Framework_TestCase {
function rawPathInfoProvider() {
return array(
array('/core/ajax/translations.php', 'index.php/core/ajax/translations.php', 'index.php'),
array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php', '/index.php'),
array('/core/ajax/translations.php', '//index.php/core/ajax/translations.php', '/index.php'),
);
}
/**
* @dataProvider rawPathInfoThrowsExceptionProvider
* @expectedException Exception
*
* @param $requestUri
* @param $scriptName
*/
public function testRawPathInfoThrowsException($requestUri, $scriptName) {
$_SERVER['REQUEST_URI'] = $requestUri;
$_SERVER['SCRIPT_NAME'] = $scriptName;
OC_Request::getRawPathInfo();
}
function rawPathInfoThrowsExceptionProvider() {
return array(
array('core/ajax/translations.php', '/index.php'),
array('/core/ajax/translations.php', '/index.php'),
array('//core/ajax/translations.php', '/index.php'),
);
}
}
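Review bot: `@expectedException Exception` on testRawPathInfoThrowsException accepts any exception, so the test also passes when getRawPathInfo() fails for a reason unrelated to the URI/script-name mismatch (for instance a PHP notice that the runner converts to an exception, depending on its configuration). Adding `@expectedExceptionMessage does not start with the SCRIPT_NAME` to the docblock, or throwing a dedicated exception class, would tie the test to the new check. The test also assigns `$_SERVER['REQUEST_URI']` and `$_SERVER['SCRIPT_NAME']` without restoring them, so later tests in the same process inherit these values; saving and restoring them in setUp/tearDown would keep the cases isolated.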