[Security] fixed path info encoding (closes #6040, closes #5695)

fabpot · fabpot · commit d6a402a28357 · 2012-12-11T10:40:23.000+01:00
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
@@ -106,7 +106,7 @@ public function checkRequestPath(Request $request, $path)
             }
         }
 
-        return $path === $request->getPathInfo();
+        return $path === rawurldecode($request->getPathInfo());
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php b/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
@@ -97,6 +97,11 @@ public function testCheckRequestPath()
 
         $this->assertTrue($utils->checkRequestPath($this->getRequest(), '/'));
         $this->assertFalse($utils->checkRequestPath($this->getRequest(), '/foo'));
+        $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo%20bar'), '/foo bar'));
+        // Plus must not decoded to space
+        $this->assertTrue($utils->checkRequestPath($this->getRequest('/foo+bar'), '/foo+bar'));
+        // Checking unicode
+        $this->assertTrue($utils->checkRequestPath($this->getRequest(urlencode('/вход')), '/вход'));
 
         $urlMatcher = $this->getMock('Symfony\Component\Routing\Matcher\UrlMatcherInterface');
         $urlMatcher

Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ public function checkRequestPath(Request $request, $path)`
`106`	`106`	`}`
`107`	`107`	`}`
`108`	`108`
`109`		`- return $path === $request->getPathInfo();`
	`109`	`+ return $path === rawurldecode($request->getPathInfo());`
`110`	`110`	`}`
`111`	`111`
`112`	`112`	`/**`