From a263d969b438495afdcdc436be0d5cf007cc0709 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Simon?=
Date: Mon, 11 Mar 2013 06:59:49 +0100
Subject: [PATCH 1/4] [Security] use current request attributes to generate redirect url
---
 src/Symfony/Component/Security/Http/HttpUtils.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
index 81893ffc3490c..6fb24baa6fc6f 100644
--- a/src/Symfony/Component/Security/Http/HttpUtils.php
+++ b/src/Symfony/Component/Security/Http/HttpUtils.php
@@ -136,15 +136,15 @@ public function generateUri($request, $path)
 return $request->getUriForPath($path);
 }
- return $this->generateUrl($path, true);
+ return $this->generateUrl($path, $request->attributes->all(), true);
 }
- private function generateUrl($route, $absolute = false)
+ private function generateUrl($route, array $attributes = array(), $absolute = false)
 {
 if (null === $this->urlGenerator) {
 throw new \LogicException('You must provide a UrlGeneratorInterface instance to be able to use routes.');
 }
- return $this->urlGenerator->generate($route, array(), $absolute);
+ return $this->urlGenerator->generate($route, $attributes, $absolute);
 }
 }
From 33e1799863f933feab7c38bb1dbb00943028c373 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Simon?=
Date: Mon, 11 Mar 2013 15:49:58 +0100
Subject: [PATCH 2/4] [Security] added cleaning to login/logout redirection url
---
 .../Component/Security/Http/HttpUtils.php | 32 ++++++++++++++++++-
 .../Security/Tests/Http/HttpUtilsTest.php | 13 ++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
index 6fb24baa6fc6f..38b88906701f2 100644
--- a/src/Symfony/Component/Security/Http/HttpUtils.php
+++ b/src/Symfony/Component/Security/Http/HttpUtils.php
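Review bot: In `generateUri` ([PATCH 1/4]), `$request->attributes->all()` hands every attribute of the current request to the URL generator, not only the ones the target route declares as placeholders, and nothing in this hunk filters them. Attributes that are not route variables (framework keys such as `_controller` and `_route`, or non-scalar values set by listeners) would presumably be treated as extra parameters and surface in the redirect URL's query string. `generateUrl` has no docblock, so I would add one that records where the values come from, e.g. `@param array $attributes Route parameters, taken from the current request's attributes`. The body of `generateUri` starts outside the hunk.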
@@ -145,6 +145,36 @@ private function generateUrl($route, array $attributes = array(), $absolute = fa
 throw new \LogicException('You must provide a UrlGeneratorInterface instance to be able to use routes.');
 }
- return $this->urlGenerator->generate($route, $attributes, $absolute);
+ $url = $this->urlGenerator->generate($route, $attributes, $absolute);
+
+ // unnecessary query string parameters must be removed from url
+ // (ie. query parameters that are presents in $attributes)
+ return $this->cleanQueryString($url, array_keys($attributes));
+ }
+
+ private function cleanQueryString($url, array $unwantedParameters = array())
+ {
+ if (0 === count($unwantedParameters)) {
+ return $url;
+ }
+
+ $position = strpos($url, '?');
+ if (false === $position) {
+ return $url;
+ }
+
+ $queryString = substr($url, $position + 1);
+ parse_str($queryString, $queryParameters);
+
+ foreach ($unwantedParameters as $parameter) {
+ unset($queryParameters[$parameter]);
+ }
+
+ $url = substr($url, 0, $position);
+ if (count($queryParameters) > 0) {
+ $url .= '?'.http_build_query($queryParameters);
+ }
+
+ return $url;
 }
 }
diff --git a/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php b/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
index fc1b754db93ba..4d5cd4ace7232 100644
--- a/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
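Review bot: `cleanQueryString()` in HttpUtils.php ([PATCH 2/4]) rebuilds the surviving parameters through `parse_str()` and `http_build_query()`, which is not a lossless round trip: `parse_str()` rewrites dots and spaces in parameter names to underscores, and anything after a `#` in `$url` is parsed as part of the last value and then percent-encoded. The `unset()` loop matches top-level names only, so an attribute key has to equal the query key exactly to be removed. A comment above the `parse_str()` call such as `// NOTE: parse_str() normalises '.' and ' ' in names; a '#fragment' is not handled` would make these limits visible to whoever maintains the redirect logic.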
@@ -137,6 +137,19 @@ public function testCheckRequestPathWithUrlMatcherLoadingException()
 $utils->checkRequestPath($this->getRequest(), 'foobar');
 }
+ public function testCleanQueryString()
+ {
+ $utils = new HttpUtils($this->getUrlGenerator());
+ $method = new \ReflectionMethod($utils, 'cleanQueryString');
+ $method->setAccessible(true);
+
+ $this->assertEquals('/path', $method->invoke($utils, '/path', array()));
+ $this->assertEquals('/path', $method->invoke($utils, '/path', array('a')));
+ $this->assertEquals('/path?b=2', $method->invoke($utils, '/path?a=1&b=2', array('a')));
+ $this->assertEquals('/path', $method->invoke($utils, '/path?a=1&b=2', array('a', 'b')));
+ $this->assertEquals('/path', $method->invoke($utils, '/path?a=1&b=2', array('a', 'b', 'c')));
+ }
+
 private function getUrlGenerator()
 {
 $urlGenerator = $this->getMock('Symfony\Component\Routing\Generator\UrlGeneratorInterface');
From c4f1f93b4a6eb4547e97a559c43433da2c4d9fd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Simon?=
Date: Tue, 12 Mar 2013 15:40:59 +0100
Subject: [PATCH 3/4] [Security] simplified redirection url cleaning
---
 .../Component/Security/Http/HttpUtils.php | 24 ++++---------------
 .../Security/Tests/Http/HttpUtilsTest.php | 12 ++++------
 2 files changed, 10 insertions(+), 26 deletions(-)
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
index 38b88906701f2..9608c2ec11921 100644
--- a/src/Symfony/Component/Security/Http/HttpUtils.php
+++ b/src/Symfony/Component/Security/Http/HttpUtils.php
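Review bot: `testCleanQueryString()` in HttpUtilsTest.php ([PATCH 2/4]) reaches the private helper through `ReflectionMethod` and `setAccessible(true)`, which ties the test to a method name rather than to the redirect URL the component produces; the same pattern recurs in `testRemoveQueryString()` and `testGenerateUrlRemovesQueryString()` in the two later patches. Asserting on what the public `generateUri()` returns for a request that carries attributes would survive a rename of the helper and would also check that the attributes are what triggers the cleaning. The five cases use only relative paths with scalar parameters, so an absolute URL is not covered.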
@@ -149,32 +149,18 @@ private function generateUrl($route, array $attributes = array(), $absolute = fa
 // unnecessary query string parameters must be removed from url
 // (ie. query parameters that are presents in $attributes)
- return $this->cleanQueryString($url, array_keys($attributes));
+ // fortunately, they all are, so we have to remove entire query string
+ return $this->removeQueryString($url);
 }
- private function cleanQueryString($url, array $unwantedParameters = array())
+ private function removeQueryString($url)
 {
- if (0 === count($unwantedParameters)) {
- return $url;
- }
-
 $position = strpos($url, '?');
+
 if (false === $position) {
 return $url;
 }
- $queryString = substr($url, $position + 1);
- parse_str($queryString, $queryParameters);
-
- foreach ($unwantedParameters as $parameter) {
- unset($queryParameters[$parameter]);
- }
-
- $url = substr($url, 0, $position);
- if (count($queryParameters) > 0) {
- $url .= '?'.http_build_query($queryParameters);
- }
-
- return $url;
+ return substr($url, 0, $position);
 }
 }
diff --git a/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php b/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
index 4d5cd4ace7232..d758e5aa3b7b1 100644
--- a/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
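Review bot: `removeQueryString()` in HttpUtils.php ([PATCH 3/4]) cuts `$url` at the first `?`, so a `#fragment` that follows the query string is dropped with it, and a `?` that appears only inside a fragment truncates the URL as well; the inlined copy of this logic in the [PATCH 4/4] hunk of the same file behaves the same way. If the generator can return a fragment it should be kept: read it with `$fragment = parse_url($url, PHP_URL_FRAGMENT);` before the `substr()` and append `'#'.$fragment` afterwards when it is not null. If fragments cannot occur here, a one-line comment saying so would record the assumption.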
@@ -137,17 +137,15 @@ public function testCheckRequestPathWithUrlMatcherLoadingException()
 $utils->checkRequestPath($this->getRequest(), 'foobar');
 }
- public function testCleanQueryString()
+ public function testRemoveQueryString()
 {
 $utils = new HttpUtils($this->getUrlGenerator());
- $method = new \ReflectionMethod($utils, 'cleanQueryString');
+ $method = new \ReflectionMethod($utils, 'removeQueryString');
 $method->setAccessible(true);
- $this->assertEquals('/path', $method->invoke($utils, '/path', array()));
- $this->assertEquals('/path', $method->invoke($utils, '/path', array('a')));
- $this->assertEquals('/path?b=2', $method->invoke($utils, '/path?a=1&b=2', array('a')));
- $this->assertEquals('/path', $method->invoke($utils, '/path?a=1&b=2', array('a', 'b')));
- $this->assertEquals('/path', $method->invoke($utils, '/path?a=1&b=2', array('a', 'b', 'c')));
+ $this->assertEquals('/path', $method->invoke($utils, '/path'));
+ $this->assertEquals('/path', $method->invoke($utils, '/path?a=1'));
+ $this->assertEquals('/path', $method->invoke($utils, '/path?a=1&b=2'));
 }
 private function getUrlGenerator()
From a041a850a03c1d95429903497cb7500ed724fee1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Simon?=
Date: Wed, 13 Mar 2013 08:02:25 +0100
Subject: [PATCH 4/4] [Security] inlined HttpUtils::removeQueryString() method
---
 .../Component/Security/Http/HttpUtils.php | 12 +++---------
 .../Security/Tests/Http/HttpUtilsTest.php | 17 +++++++++--------
 2 files changed, 12 insertions(+), 17 deletions(-)
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
index 9608c2ec11921..761aa5ae99d09 100644
--- a/src/Symfony/Component/Security/Http/HttpUtils.php
+++ b/src/Symfony/Component/Security/Http/HttpUtils.php
@@ -150,17 +150,11 @@ private function generateUrl($route, array $attributes = array(), $absolute = fa
 // unnecessary query string parameters must be removed from url
 // (ie. query parameters that are presents in $attributes)
 // fortunately, they all are, so we have to remove entire query string
- return $this->removeQueryString($url);
- }
-
- private function removeQueryString($url)
- {
 $position = strpos($url, '?');
-
- if (false === $position) {
- return $url;
+ if (false !== $position) {
+ $url = substr($url, 0, $position);
 }
- return substr($url, 0, $position);
+ return $url;
 }
 }
diff --git a/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php b/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
index d758e5aa3b7b1..8a2d2f093521a 100644
--- a/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
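Review bot: The comment kept above the `strpos()` call in `generateUrl` (HttpUtils.php, [PATCH 4/4]) is hard to follow: "fortunately, they all are, so we have to remove entire query string" does not say what "they" refers to, and it states as fact an assumption the code never checks, namely that the generator adds no query parameter of its own. I would reword it along the lines of `// every attribute that is not a route variable is appended as a query parameter, and no other query parameter is expected here, so the whole query string is dropped`. The strip also runs when `$attributes` is empty, which is worth stating in the same comment. The start of `generateUrl` is outside the hunk.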
@@ -137,24 +137,25 @@ public function testCheckRequestPathWithUrlMatcherLoadingException()
 $utils->checkRequestPath($this->getRequest(), 'foobar');
 }
- public function testRemoveQueryString()
+ public function testGenerateUrlRemovesQueryString()
 {
- $utils = new HttpUtils($this->getUrlGenerator());
- $method = new \ReflectionMethod($utils, 'removeQueryString');
+ $method = new \ReflectionMethod('Symfony\Component\Security\Http\HttpUtils', 'generateUrl');
 $method->setAccessible(true);
- $this->assertEquals('/path', $method->invoke($utils, '/path'));
- $this->assertEquals('/path', $method->invoke($utils, '/path?a=1'));
- $this->assertEquals('/path', $method->invoke($utils, '/path?a=1&b=2'));
+ $utils = new HttpUtils($this->getUrlGenerator());
+ $this->assertEquals('/foo/bar', $method->invoke($utils, 'route_name'));
+
+ $utils = new HttpUtils($this->getUrlGenerator('/foo/bar?param=value'));
+ $this->assertEquals('/foo/bar', $method->invoke($utils, 'route_name'));
 }
- private function getUrlGenerator()
+ private function getUrlGenerator($generatedUrl = '/foo/bar')
 {
 $urlGenerator = $this->getMock('Symfony\Component\Routing\Generator\UrlGeneratorInterface');
 $urlGenerator
 ->expects($this->any())
 ->method('generate')
- ->will($this->returnValue('/foo/bar'))
+ ->will($this->returnValue($generatedUrl))
 ;
 return $urlGenerator;
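Review bot: `testGenerateUrlRemovesQueryString()` never passes `$attributes`, and the mock built by `getUrlGenerator()` returns a fixed string whatever `generate()` is called with, so the test would still pass if `generateUrl` stopped forwarding the request attributes. One extra case that invokes the method with a made-up attribute, `$method->invoke($utils, 'route_name', array('foo' => 'bar'))`, against a mock constrained with `->with('route_name', array('foo' => 'bar'), false)`, would pin the link between the attributes and the generator call. Neither case uses an absolute URL, which is the form `generateUri` requests. The test class continues past the end of the hunk.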