[Pkg-owncloud-commits] [owncloud] 111/239: in case uri and script name don't match we better throw an exception

David Prévot taffit at moszumanska.debian.org
Fri Nov 29 01:32:25 UTC 2013


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit b9fed935b455d06ef943c562093c87171b71e4fc
Author: Thomas Müller <thomas.mueller at tmit.eu>
Date:   Mon Nov 25 14:42:34 2013 +0100

    in case uri and script name don't match we better throw an exception
---
 lib/private/request.php | 12 ++++++++++--
 tests/lib/request.php   | 22 ++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/lib/private/request.php b/lib/private/request.php
index 9cf09ac..7a75bf2 100755
--- a/lib/private/request.php
+++ b/lib/private/request.php
@@ -138,8 +138,16 @@ class OC_Request {
 	public static function getRawPathInfo() {
 		$requestUri = $_SERVER['REQUEST_URI'];
 		// remove too many leading slashes - can be caused by reverse proxy configuration
-		$requestUri = '/' . ltrim($requestUri, '/');
-		$path_info = substr($requestUri, strlen($_SERVER['SCRIPT_NAME']));
+		if (strpos($requestUri, '/') === 0) {
+			$requestUri = '/' . ltrim($requestUri, '/');
+		}
+
+		$scriptName = $_SERVER['SCRIPT_NAME'];
+		// in case uri and script name don't match we better throw an exception
+		if (strpos($requestUri, $scriptName) !== 0) {
+			throw new Exception("REQUEST_URI($requestUri) does not start with the SCRIPT_NAME($scriptName)");
+		}
+		$path_info = substr($requestUri, strlen($scriptName));
 		// Remove the query string from REQUEST_URI
 		if ($pos = strpos($path_info, '?')) {
 			$path_info = substr($path_info, 0, $pos);
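Review bot: The new exception message interpolates `$requestUri` straight from `$_SERVER['REQUEST_URI']`, which is client-controlled, so whatever catches this exception receives raw request text and must escape it for its own context. That handler, whether a log writer or an error page, is not visible in this hunk. Consider a fixed message such as `throw new Exception('REQUEST_URI does not start with SCRIPT_NAME');` and record the two values separately through the logger. The check is also a plain prefix match, so a URI like `/index.phpfoo` still passes against `/index.php`; requiring the character after the script name to be `/`, `?` or end of string would make the match segment-exact. getRawPathInfo() continues past the end of the hunk.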
diff --git a/tests/lib/request.php b/tests/lib/request.php
index d7ccb21..a740751 100644
--- a/tests/lib/request.php
+++ b/tests/lib/request.php
@@ -39,8 +39,30 @@ class Test_Request extends PHPUnit_Framework_TestCase {
 
 	function rawPathInfoProvider() {
 		return array(
+			array('/core/ajax/translations.php', 'index.php/core/ajax/translations.php', 'index.php'),
 			array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php', '/index.php'),
 			array('/core/ajax/translations.php', '//index.php/core/ajax/translations.php', '/index.php'),
 		);
 	}
+
+	/**
+	 * @dataProvider rawPathInfoThrowsExceptionProvider
+	 * @expectedException Exception
+	 *
+	 * @param $requestUri
+	 * @param $scriptName
+	 */
+	public function testRawPathInfoThrowsException($requestUri, $scriptName) {
+		$_SERVER['REQUEST_URI'] = $requestUri;
+		$_SERVER['SCRIPT_NAME'] = $scriptName;
+		OC_Request::getRawPathInfo();
+	}
+
+	function rawPathInfoThrowsExceptionProvider() {
+		return array(
+			array('core/ajax/translations.php', '/index.php'),
+			array('/core/ajax/translations.php', '/index.php'),
+			array('//core/ajax/translations.php', '/index.php'),
+		);
+	}
 }
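Review bot: `@expectedException Exception` on testRawPathInfoThrowsException accepts any exception, so the test would also pass if getRawPathInfo() failed for an unrelated reason, such as a PHP notice that the test runner converts into an exception. Adding `@expectedExceptionMessage does not start with the SCRIPT_NAME` would pin the test to the new mismatch branch. The test also overwrites `$_SERVER['REQUEST_URI']` and `$_SERVER['SCRIPT_NAME']` without restoring them, which can leak into later tests in the same process; saving and restoring both in setUp()/tearDown() would isolate it. The class body starts outside the hunk.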

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git


