1
0
Fork 0

Merge pull request #9170 from MrPetovan/bug/9164-query-string-urlencoded

Ensure query parameters are URL encoded in Arguments
This commit is contained in:
Philipp 2020-09-12 15:37:51 +02:00 committed by GitHub
commit bca6d9b089
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 109 additions and 297 deletions

View file

@ -382,38 +382,6 @@ function is_site_admin()
return local_user() && $admin_email && in_array($a->user['email'] ?? '', $adminlist);
}
function explode_querystring($query)
{
$arg_st = strpos($query, '?');
if ($arg_st !== false) {
$base = substr($query, 0, $arg_st);
$arg_st += 1;
} else {
$base = '';
$arg_st = 0;
}
$args = explode('&', substr($query, $arg_st));
foreach ($args as $k => $arg) {
/// @TODO really compare type-safe here?
if ($arg === '') {
unset($args[$k]);
}
}
$args = array_values($args);
if (!$base) {
$base = $args[0];
unset($args[0]);
$args = array_values($args);
}
return [
'base' => $base,
'args' => $args,
];
}
/**
* Returns the complete URL of the current page, e.g.: http(s)://something.com/network
*

View file

@ -311,22 +311,22 @@ function api_call(App $a, App\Arguments $args = null)
}
$type = "json";
if (strpos($args->getQueryString(), ".xml") > 0) {
if (strpos($args->getCommand(), ".xml") > 0) {
$type = "xml";
}
if (strpos($args->getQueryString(), ".json") > 0) {
if (strpos($args->getCommand(), ".json") > 0) {
$type = "json";
}
if (strpos($args->getQueryString(), ".rss") > 0) {
if (strpos($args->getCommand(), ".rss") > 0) {
$type = "rss";
}
if (strpos($args->getQueryString(), ".atom") > 0) {
if (strpos($args->getCommand(), ".atom") > 0) {
$type = "atom";
}
try {
foreach ($API as $p => $info) {
if (strpos($args->getQueryString(), $p) === 0) {
if (strpos($args->getCommand(), $p) === 0) {
if (!api_check_method($info['method'])) {
throw new MethodNotAllowedException();
}

View file

@ -1148,17 +1148,12 @@ function status_editor(App $a, $x, $notes_cid = 0, $popup = false)
$jotplugins = '';
Hook::callAll('jot_tool', $jotplugins);
$query_str = DI::args()->getQueryString();
if (strpos($query_str, 'public=1') !== false) {
$query_str = str_replace(['?public=1', '&public=1'], ['', ''], $query_str);
}
// $tpl = Renderer::replaceMacros($tpl,array('$jotplugins' => $jotplugins));
$tpl = Renderer::getMarkupTemplate("jot.tpl");
$o .= Renderer::replaceMacros($tpl,[
'$new_post' => DI::l10n()->t('New Post'),
'$return_path' => $query_str,
'$return_path' => DI::args()->getQueryString(),
'$action' => 'item',
'$share' => ($x['button'] ?? '') ?: DI::l10n()->t('Share'),
'$loading' => DI::l10n()->t('Loading...'),

View file

@ -904,40 +904,8 @@ function drop_item(int $id, string $return = '')
}
if ((local_user() == $item['uid']) || $contact_id) {
// Check if we should do HTML-based delete confirmation
if (!empty($_REQUEST['confirm'])) {
// <form> can't take arguments in its "action" parameter
// so add any arguments as hidden inputs
$query = explode_querystring(DI::args()->getQueryString());
$inputs = [];
foreach ($query['args'] as $arg) {
if (strpos($arg, 'confirm=') === false) {
$arg_parts = explode('=', $arg);
$inputs[] = ['name' => $arg_parts[0], 'value' => $arg_parts[1]];
}
}
return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
'$method' => 'get',
'$message' => DI::l10n()->t('Do you really want to delete this item?'),
'$extra_inputs' => $inputs,
'$confirm' => DI::l10n()->t('Yes'),
'$confirm_url' => $query['base'],
'$confirm_name' => 'confirmed',
'$cancel' => DI::l10n()->t('Cancel'),
]);
}
// Now check how the user responded to the confirmation query
if (!empty($_REQUEST['canceled'])) {
DI::baseUrl()->redirect('display/' . $item['guid']);
}
$is_comment = $item['gravity'] == GRAVITY_COMMENT;
$parentitem = null;
if (!empty($item['parent'])) {
$fields = ['guid'];
$parentitem = Item::selectFirstForUser(local_user(), $fields, ['id' => $item['parent']]);
$parentitem = Item::selectFirstForUser(local_user(), ['guid'], ['id' => $item['parent']]);
}
// delete the item
@ -949,7 +917,7 @@ function drop_item(int $id, string $return = '')
$return_url = str_replace("update_", "", $return_url);
// Check if delete a comment
if ($is_comment) {
if ($item['gravity'] == GRAVITY_COMMENT) {
// Return to parent guid
if (!empty($parentitem)) {
DI::baseUrl()->redirect('display/' . $parentitem['guid']);

View file

@ -141,36 +141,6 @@ function message_content(App $a)
return;
}
// Check if we should do HTML-based delete confirmation
if (!empty($_REQUEST['confirm'])) {
// <form> can't take arguments in its "action" parameter
// so add any arguments as hidden inputs
$query = explode_querystring(DI::args()->getQueryString());
$inputs = [];
foreach ($query['args'] as $arg) {
if (strpos($arg, 'confirm=') === false) {
$arg_parts = explode('=', $arg);
$inputs[] = ['name' => $arg_parts[0], 'value' => $arg_parts[1]];
}
}
//DI::page()['aside'] = '';
return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
'$method' => 'get',
'$message' => DI::l10n()->t('Do you really want to delete this message?'),
'$extra_inputs' => $inputs,
'$confirm' => DI::l10n()->t('Yes'),
'$confirm_url' => $query['base'],
'$confirm_name' => 'confirmed',
'$cancel' => DI::l10n()->t('Cancel'),
]);
}
// Now check how the user responded to the confirmation query
if (!empty($_REQUEST['canceled'])) {
DI::baseUrl()->redirect('message');
}
$cmd = $a->argv[1];
if ($cmd === 'drop') {
$message = DBA::selectFirst('mail', ['convid'], ['id' => $a->argv[2], 'uid' => local_user()]);

View file

@ -635,9 +635,7 @@ function network_display_post($a, $pager, $mark_all, $update, $ordering, $items)
$parents_str = implode(', ', $parents_arr);
}
$query_string = DI::args()->getQueryString();
$pager->setQueryString($query_string);
$pager->setQueryString(DI::args()->getQueryString());
// We aren't going to try and figure out at the item, group, and page
// level which items you've seen and which you haven't. If you're looking

View file

@ -1039,7 +1039,6 @@ function photos_content(App $a)
return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
'$method' => 'post',
'$message' => DI::l10n()->t('Do you really want to delete this photo album and all its photos?'),
'$extra_inputs' => [],
'$confirm' => DI::l10n()->t('Delete Album'),
'$confirm_url' => $drop_url,
'$confirm_name' => 'dropalbum',
@ -1146,7 +1145,6 @@ function photos_content(App $a)
return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
'$method' => 'post',
'$message' => DI::l10n()->t('Do you really want to delete this photo?'),
'$extra_inputs' => [],
'$confirm' => DI::l10n()->t('Delete Photo'),
'$confirm_url' => $drop_url,
'$confirm_name' => 'delete',

View file

@ -829,26 +829,6 @@ function settings_content(App $a)
$stpl = Renderer::getMarkupTemplate('settings/settings.tpl');
// Private/public post links for the non-JS ACL form
$private_post = 1;
if (!empty($_REQUEST['public']) && !$_REQUEST['public']) {
$private_post = 0;
}
$query_str = DI::args()->getQueryString();
if (strpos($query_str, 'public=1') !== false) {
$query_str = str_replace(['?public=1', '&public=1'], ['', ''], $query_str);
}
// I think $a->query_string may never have ? in it, but I could be wrong
// It looks like it's from the index.php?q=[etc] rewrite that the web
// server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
if (strpos($query_str, '?') === false) {
$public_post_link = '?public=1';
} else {
$public_post_link = '&public=1';
}
/* Installed langs */
$lang_choices = DI::l10n()->getAvailableLanguages();

View file

@ -47,7 +47,7 @@ class Arguments
*/
private $argc;
public function __construct(string $queryString = '', string $command = '', array $argv = [Module::DEFAULT], int $argc = 1)
public function __construct(string $queryString = '', string $command = '', array $argv = [], int $argc = 0)
{
$this->queryString = $queryString;
$this->command = $command;
@ -56,7 +56,7 @@ class Arguments
}
/**
* @return string The whole query string of this call
* @return string The whole query string of this call with url-encoded query parameters
*/
public function getQueryString()
{
@ -121,50 +121,27 @@ class Arguments
*/
public function determine(array $server, array $get)
{
$queryString = '';
// removing leading / - maybe a nginx problem
$server['QUERY_STRING'] = ltrim($server['QUERY_STRING'] ?? '', '/');
if (!empty($server['QUERY_STRING']) && strpos($server['QUERY_STRING'], 'pagename=') === 0) {
$queryString = urldecode(substr($server['QUERY_STRING'], 9));
} elseif (!empty($server['QUERY_STRING']) && strpos($server['QUERY_STRING'], 'q=') === 0) {
$queryString = urldecode(substr($server['QUERY_STRING'], 2));
}
// eventually strip ZRL
$queryString = $this->stripZRLs($queryString);
// eventually strip OWT
$queryString = $this->stripQueryParam($queryString, 'owt');
// removing trailing / - maybe a nginx problem
$queryString = ltrim($queryString, '/');
$queryParameters = [];
parse_str($server['QUERY_STRING'], $queryParameters);
if (!empty($get['pagename'])) {
$command = trim($get['pagename'], '/\\');
} elseif (!empty($queryParameters['pagename'])) {
$command = trim($queryParameters['pagename'], '/\\');
} elseif (!empty($get['q'])) {
// Legacy page name parameter, now conflicts with the search query parameter
$command = trim($get['q'], '/\\');
} else {
$command = Module::DEFAULT;
$command = '';
}
// fix query_string
if (!empty($command)) {
$queryString = str_replace(
$command . '&',
$command . '?',
$queryString
);
}
// unix style "homedir"
if (substr($command, 0, 1) === '~') {
$command = 'profile/' . substr($command, 1);
}
// Diaspora style profile url
if (substr($command, 0, 2) === 'u/') {
$command = 'profile/' . substr($command, 2);
}
// Remove generated and one-time use parameters
unset($queryParameters['pagename']);
unset($queryParameters['zrl']);
unset($queryParameters['owt']);
/*
* Break the URL path into C style argc/argv style arguments for our
@ -173,41 +150,17 @@ class Arguments
* [0] => 'module'
* [1] => 'arg1'
* [2] => 'arg2'
*
*
* There will always be one argument. If provided a naked domain
* URL, $this->argv[0] is set to "home".
*/
if ($command) {
$argv = explode('/', $command);
} else {
$argv = [];
}
$argv = explode('/', $command);
$argc = count($argv);
$queryString = $command . ($queryParameters ? '?' . http_build_query($queryParameters) : '');
return new Arguments($queryString, $command, $argv, $argc);
}
/**
* Strip zrl parameter from a string.
*
* @param string $queryString The input string.
*
* @return string The zrl.
*/
public function stripZRLs(string $queryString)
{
return preg_replace('/[?&]zrl=(.*?)(&|$)/ism', '$2', $queryString);
}
/**
* Strip query parameter from a string.
*
* @param string $queryString The input string.
* @param string $param
*
* @return string The query parameter.
*/
public function stripQueryParam(string $queryString, string $param)
{
return preg_replace('/[?&]' . $param . '=(.*?)(&|$)/ism', '$2', $queryString);
}
}

View file

@ -128,7 +128,7 @@ class Pager
/**
* Sets the base query string from a full query string.
*
* Strips the 'page' parameter, and remove the 'q=' string for some reason.
* Strips the 'page' parameter
*
* @param string $queryString
*/

View file

@ -229,8 +229,6 @@ class Addon
*/
public static function getInfo($addon)
{
$a = DI::app();
$addon = Strings::sanitizeFilePathItem($addon);
$info = [

View file

@ -42,13 +42,13 @@ class BaseApi extends BaseModule
{
$arguments = DI::args();
if (substr($arguments->getQueryString(), -4) === '.xml') {
if (substr($arguments->getCommand(), -4) === '.xml') {
self::$format = 'xml';
}
if (substr($arguments->getQueryString(), -4) === '.rss') {
if (substr($arguments->getCommand(), -4) === '.rss') {
self::$format = 'rss';
}
if (substr($arguments->getQueryString(), -4) === '.atom') {
if (substr($arguments->getCommand(), -4) === '.atom') {
self::$format = 'atom';
}
}

View file

@ -436,17 +436,6 @@ class Contact extends BaseModule
if ($cmd === 'drop' && ($orig_record['uid'] != 0)) {
// Check if we should do HTML-based delete confirmation
if (!empty($_REQUEST['confirm'])) {
// <form> can't take arguments in its 'action' parameter
// so add any arguments as hidden inputs
$query = explode_querystring(DI::args()->getQueryString());
$inputs = [];
foreach ($query['args'] as $arg) {
if (strpos($arg, 'confirm=') === false) {
$arg_parts = explode('=', $arg);
$inputs[] = ['name' => $arg_parts[0], 'value' => $arg_parts[1]];
}
}
DI::page()['aside'] = '';
return Renderer::replaceMacros(Renderer::getMarkupTemplate('contact_drop_confirm.tpl'), [
@ -454,9 +443,8 @@ class Contact extends BaseModule
'$contact' => self::getContactTemplateVars($orig_record),
'$method' => 'get',
'$message' => DI::l10n()->t('Do you really want to delete this contact?'),
'$extra_inputs' => $inputs,
'$confirm' => DI::l10n()->t('Yes'),
'$confirm_url' => $query['base'],
'$confirm_url' => DI::args()->getCommand(),
'$confirm_name' => 'confirmed',
'$cancel' => DI::l10n()->t('Cancel'),
]);

View file

@ -30,6 +30,14 @@
use Friendica\App\Router as R;
use Friendica\Module;
$profileRoutes = [
'' => [Module\Profile\Index::class, [R::GET]],
'/profile' => [Module\Profile\Profile::class, [R::GET]],
'/contacts/common' => [Module\Profile\Common::class, [R::GET]],
'/contacts[/{type}]' => [Module\Profile\Contacts::class, [R::GET]],
'/status[/{category}[/{date1}[/{date2}]]]' => [Module\Profile\Status::class, [R::GET]],
];
return [
'/' => [Module\Home::class, [R::GET]],
@ -250,13 +258,9 @@ return [
'/pretheme' => [Module\ThemeDetails::class, [R::GET]],
'/probe' => [Module\Debug\Probe::class, [R::GET]],
'/profile' => [
'/{nickname}' => [Module\Profile\Index::class, [R::GET]],
'/{nickname}/profile' => [Module\Profile\Profile::class, [R::GET]],
'/{nickname}/contacts/common' => [Module\Profile\Common::class, [R::GET]],
'/{nickname}/contacts[/{type}]' => [Module\Profile\Contacts::class, [R::GET]],
'/{nickname}/status[/{category}[/{date1}[/{date2}]]]' => [Module\Profile\Status::class, [R::GET]],
],
'/profile/{nickname}' => $profileRoutes,
'/u/{nickname}' => $profileRoutes,
'/~{nickname}' => $profileRoutes,
'/proxy' => [
'[/]' => [Module\Proxy::class, [R::GET]],

View file

@ -75,7 +75,7 @@ class ApiTest extends FixtureTest
$this->app = DI::app();
$this->app->argc = 1;
$this->app->argv = ['home'];
$this->app->argv = [''];
// User data that the test database is populated with
$this->selfUser = [
@ -417,7 +417,7 @@ class ApiTest extends FixtureTest
}
];
$_SERVER['REQUEST_METHOD'] = 'method';
$_SERVER['QUERY_STRING'] = 'q=api_path';
$_SERVER['QUERY_STRING'] = 'pagename=api_path';
$_GET['callback'] = 'callback_name';
$args = DI::args()->determine($_SERVER, $_GET);
@ -445,7 +445,7 @@ class ApiTest extends FixtureTest
];
$_SERVER['REQUEST_METHOD'] = 'method';
$_SERVER['QUERY_STRING'] = 'q=api_path';
$_SERVER['QUERY_STRING'] = 'pagename=api_path';
$args = DI::args()->determine($_SERVER, $_GET);
@ -481,7 +481,7 @@ class ApiTest extends FixtureTest
}
];
$_SERVER['REQUEST_METHOD'] = 'method';
$_SERVER['QUERY_STRING'] = 'q=api_path';
$_SERVER['QUERY_STRING'] = 'pagename=api_path';
$args = DI::args()->determine($_SERVER, $_GET);
@ -521,7 +521,7 @@ class ApiTest extends FixtureTest
}
];
$_SERVER['REQUEST_METHOD'] = 'method';
$_SERVER['QUERY_STRING'] = 'q=api_path.json';
$_SERVER['QUERY_STRING'] = 'pagename=api_path.json';
$args = DI::args()->determine($_SERVER, $_GET);
@ -547,7 +547,7 @@ class ApiTest extends FixtureTest
}
];
$_SERVER['REQUEST_METHOD'] = 'method';
$_SERVER['QUERY_STRING'] = 'q=api_path.xml';
$_SERVER['QUERY_STRING'] = 'pagename=api_path.xml';
$args = DI::args()->determine($_SERVER, $_GET);
@ -573,7 +573,7 @@ class ApiTest extends FixtureTest
}
];
$_SERVER['REQUEST_METHOD'] = 'method';
$_SERVER['QUERY_STRING'] = 'q=api_path.rss';
$_SERVER['QUERY_STRING'] = 'pagename=api_path.rss';
$args = DI::args()->determine($_SERVER, $_GET);
@ -600,7 +600,7 @@ class ApiTest extends FixtureTest
}
];
$_SERVER['REQUEST_METHOD'] = 'method';
$_SERVER['QUERY_STRING'] = 'q=api_path.atom';
$_SERVER['QUERY_STRING'] = 'pagename=api_path.atom';
$args = DI::args()->determine($_SERVER, $_GET);
@ -622,7 +622,7 @@ class ApiTest extends FixtureTest
global $API;
$API['api_path'] = ['method' => 'method'];
$_SERVER['QUERY_STRING'] = 'q=api_path';
$_SERVER['QUERY_STRING'] = 'pagename=api_path';
$args = DI::args()->determine($_SERVER, $_GET);
@ -647,7 +647,7 @@ class ApiTest extends FixtureTest
];
$_SESSION['authenticated'] = false;
$_SERVER['REQUEST_METHOD'] = 'method';
$_SERVER['QUERY_STRING'] = 'q=api_path';
$_SERVER['QUERY_STRING'] = 'pagename=api_path';
$args = DI::args()->determine($_SERVER, $_GET);

View file

@ -45,8 +45,8 @@ class ArgumentsTest extends TestCase
$this->assertArguments([
'queryString' => '',
'command' => '',
'argv' => ['home'],
'argc' => 1,
'argv' => [],
'argc' => 0,
],
$arguments);
}
@ -55,34 +55,6 @@ class ArgumentsTest extends TestCase
{
return [
'withPagename' => [
'assert' => [
'queryString' => 'profile/test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'],
'argc' => 3,
],
'server' => [
'QUERY_STRING' => 'pagename=profile/test/it?arg1=value1&arg2=value2',
],
'get' => [
'pagename' => 'profile/test/it',
],
],
'withQ' => [
'assert' => [
'queryString' => 'profile/test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'],
'argc' => 3,
],
'server' => [
'QUERY_STRING' => 'q=profile/test/it?arg1=value1&arg2=value2',
],
'get' => [
'q' => 'profile/test/it',
],
],
'withWrongDelimiter' => [
'assert' => [
'queryString' => 'profile/test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it',
@ -99,12 +71,12 @@ class ArgumentsTest extends TestCase
'withUnixHomeDir' => [
'assert' => [
'queryString' => '~test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'],
'argc' => 3,
'command' => '~test/it',
'argv' => ['~test', 'it'],
'argc' => 2,
],
'server' => [
'QUERY_STRING' => 'pagename=~test/it?arg1=value1&arg2=value2',
'QUERY_STRING' => 'pagename=~test/it&arg1=value1&arg2=value2',
],
'get' => [
'pagename' => '~test/it',
@ -113,12 +85,12 @@ class ArgumentsTest extends TestCase
'withDiasporaHomeDir' => [
'assert' => [
'queryString' => 'u/test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'],
'command' => 'u/test/it',
'argv' => ['u', 'test', 'it'],
'argc' => 3,
],
'server' => [
'QUERY_STRING' => 'pagename=u/test/it?arg1=value1&arg2=value2',
'QUERY_STRING' => 'pagename=u/test/it&arg1=value1&arg2=value2',
],
'get' => [
'pagename' => 'u/test/it',
@ -126,13 +98,13 @@ class ArgumentsTest extends TestCase
],
'withTrailingSlash' => [
'assert' => [
'queryString' => 'profile/test/it?arg1=value1&arg2=value2/',
'queryString' => 'profile/test/it?arg1=value1&arg2=value2%2F',
'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'],
'argc' => 3,
],
'server' => [
'QUERY_STRING' => 'pagename=profile/test/it?arg1=value1&arg2=value2/',
'QUERY_STRING' => 'pagename=profile/test/it&arg1=value1&arg2=value2/',
],
'get' => [
'pagename' => 'profile/test/it',
@ -140,14 +112,13 @@ class ArgumentsTest extends TestCase
],
'withWrongQueryString' => [
'assert' => [
// empty query string?!
'queryString' => '',
'queryString' => 'profile/test/it?wrong=profile%2Ftest%2Fit&arg1=value1&arg2=value2%2F',
'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'],
'argc' => 3,
],
'server' => [
'QUERY_STRING' => 'wrong=profile/test/it?arg1=value1&arg2=value2/',
'QUERY_STRING' => 'wrong=profile/test/it&arg1=value1&arg2=value2/',
],
'get' => [
'pagename' => 'profile/test/it',
@ -155,17 +126,44 @@ class ArgumentsTest extends TestCase
],
'withMissingPageName' => [
'assert' => [
'queryString' => 'notvalid/it?arg1=value1&arg2=value2/',
'command' => App\Module::DEFAULT,
'argv' => [App\Module::DEFAULT],
'argc' => 1,
'queryString' => 'notvalid/it?arg1=value1&arg2=value2%2F',
'command' => 'notvalid/it',
'argv' => ['notvalid', 'it'],
'argc' => 2,
],
'server' => [
'QUERY_STRING' => 'pagename=notvalid/it?arg1=value1&arg2=value2/',
'QUERY_STRING' => 'pagename=notvalid/it&arg1=value1&arg2=value2/',
],
'get' => [
],
],
'withNothing' => [
'assert' => [
'queryString' => '?arg1=value1&arg2=value2%2F',
'command' => '',
'argv' => [],
'argc' => 0,
],
'server' => [
'QUERY_STRING' => 'arg1=value1&arg2=value2/',
],
'get' => [
],
],
'withFileExtension' => [
'assert' => [
'queryString' => 'api/call.json',
'command' => 'api/call.json',
'argv' => ['api', 'call.json'],
'argc' => 2,
],
'server' => [
'QUERY_STRING' => 'pagename=api/call.json',
],
'get' => [
'pagename' => 'api/call.json'
],
],
];
}
@ -207,27 +205,27 @@ class ArgumentsTest extends TestCase
return [
'strippedZRLFirst' => [
'assert' => '?arg1=value1',
'input' => '?zrl=nope&arg1=value1',
'input' => '&zrl=nope&arg1=value1',
],
'strippedZRLLast' => [
'assert' => '?arg1=value1',
'input' => '?arg1=value1&zrl=nope',
'input' => '&arg1=value1&zrl=nope',
],
'strippedZTLMiddle' => [
'assert' => '?arg1=value1&arg2=value2',
'input' => '?arg1=value1&zrl=nope&arg2=value2',
'input' => '&arg1=value1&zrl=nope&arg2=value2',
],
'strippedOWTFirst' => [
'assert' => '?arg1=value1',
'input' => '?owt=test&arg1=value1',
'input' => '&owt=test&arg1=value1',
],
'strippedOWTLast' => [
'assert' => '?arg1=value1',
'input' => '?arg1=value1&owt=test',
'input' => '&arg1=value1&owt=test',
],
'strippedOWTMiddle' => [
'assert' => '?arg1=value1&arg2=value2',
'input' => '?arg1=value1&owt=test&arg2=value2',
'input' => '&arg1=value1&owt=test&arg2=value2',
],
];
}
@ -242,7 +240,7 @@ class ArgumentsTest extends TestCase
$command = 'test/it';
$arguments = (new App\Arguments())
->determine(['QUERY_STRING' => 'q=' . $command . $input,], ['pagename' => $command]);
->determine(['QUERY_STRING' => 'pagename=' . $command . $input,], ['pagename' => $command]);
$this->assertEquals($command . $assert, $arguments->getQueryString());
}

View file

@ -3,9 +3,6 @@
<form action="{{$confirm_url}}" id="confirm-form" method="{{$method}}">
<h3 id="confirm-message">{{$message}}</h3>
{{foreach $extra_inputs as $input}}
<input type="hidden" name="{{$input.name}}" value="{{$input.value}}" />
{{/foreach}}
<input class="confirm-button" id="confirm-submit-button" type="submit" name="{{$confirm_name}}" value="{{$confirm}}" />
<input class="confirm-button" id="confirm-cancel-button" type="submit" name="canceled" value="{{$cancel}}" />

View file

@ -1,7 +1,7 @@
<h1><img src="{{$baseurl}}/images/friendica-32.png"> {{$title}}</h1>
<h2>{{$pass}}</h2>
<form action="{{$baseurl}}/index.php?q=install" method="post">
<form action="{{$baseurl}}/index.php?pagename=install" method="post">
<table>
{{foreach $checks as $check}}
<tr><td>{{$check.title nofilter}} </td><td>

View file

@ -1,9 +1,6 @@
<form action="{{$confirm_url}}" id="confirm-form" method="{{$method}}" class="generic-page-wrapper">
<div id="confirm-message">{{$message}}</div>
{{foreach $extra_inputs as $input}}
<input type="hidden" name="{{$input.name}}" value="{{$input.value}}" />
{{/foreach}}
<div class="form-group pull-right settings-submit-wrapper" >
<button type="submit" name="{{$confirm_name}}" id="confirm-submit-button" class="btn btn-primary confirm-button" value="{{$confirm}}">{{$confirm}}</button>