Ensure query parameters are URL encoded in Arguments

- Simplify Arguments->determine
- Remove stripZRLs and stripQueryParam Arguments methods
- Updated tests
This commit is contained in:
Hypolite Petovan 2020-09-09 00:24:44 -04:00
parent d1942afbca
commit 1b681222a4
3 changed files with 74 additions and 123 deletions

View file

@ -47,7 +47,7 @@ class Arguments
*/ */
private $argc; private $argc;
public function __construct(string $queryString = '', string $command = '', array $argv = [Module::DEFAULT], int $argc = 1) public function __construct(string $queryString = '', string $command = '', array $argv = [], int $argc = 0)
{ {
$this->queryString = $queryString; $this->queryString = $queryString;
$this->command = $command; $this->command = $command;
@ -56,7 +56,7 @@ class Arguments
} }
/** /**
* @return string The whole query string of this call * @return string The whole query string of this call with url-encoded query parameters
*/ */
public function getQueryString() public function getQueryString()
{ {
@ -121,50 +121,27 @@ class Arguments
*/ */
public function determine(array $server, array $get) public function determine(array $server, array $get)
{ {
$queryString = ''; // removing leading / - maybe a nginx problem
$server['QUERY_STRING'] = ltrim($server['QUERY_STRING'] ?? '', '/');
if (!empty($server['QUERY_STRING']) && strpos($server['QUERY_STRING'], 'pagename=') === 0) { $queryParameters = [];
$queryString = urldecode(substr($server['QUERY_STRING'], 9)); parse_str($server['QUERY_STRING'], $queryParameters);
} elseif (!empty($server['QUERY_STRING']) && strpos($server['QUERY_STRING'], 'q=') === 0) {
$queryString = urldecode(substr($server['QUERY_STRING'], 2));
}
// eventually strip ZRL
$queryString = $this->stripZRLs($queryString);
// eventually strip OWT
$queryString = $this->stripQueryParam($queryString, 'owt');
// removing trailing / - maybe a nginx problem
$queryString = ltrim($queryString, '/');
if (!empty($get['pagename'])) { if (!empty($get['pagename'])) {
$command = trim($get['pagename'], '/\\'); $command = trim($get['pagename'], '/\\');
} elseif (!empty($queryParameters['pagename'])) {
$command = trim($queryParameters['pagename'], '/\\');
} elseif (!empty($get['q'])) { } elseif (!empty($get['q'])) {
// Legacy page name parameter, now conflicts with the search query parameter
$command = trim($get['q'], '/\\'); $command = trim($get['q'], '/\\');
} else { } else {
$command = Module::DEFAULT; $command = '';
} }
// Remove generated and one-time use parameters
// fix query_string unset($queryParameters['pagename']);
if (!empty($command)) { unset($queryParameters['zrl']);
$queryString = str_replace( unset($queryParameters['owt']);
$command . '&',
$command . '?',
$queryString
);
}
// unix style "homedir"
if (substr($command, 0, 1) === '~') {
$command = 'profile/' . substr($command, 1);
}
// Diaspora style profile url
if (substr($command, 0, 2) === 'u/') {
$command = 'profile/' . substr($command, 2);
}
/* /*
* Break the URL path into C style argc/argv style arguments for our * Break the URL path into C style argc/argv style arguments for our
@ -173,41 +150,17 @@ class Arguments
* [0] => 'module' * [0] => 'module'
* [1] => 'arg1' * [1] => 'arg1'
* [2] => 'arg2' * [2] => 'arg2'
*
*
* There will always be one argument. If provided a naked domain
* URL, $this->argv[0] is set to "home".
*/ */
if ($command) {
$argv = explode('/', $command);
} else {
$argv = [];
}
$argv = explode('/', $command);
$argc = count($argv); $argc = count($argv);
$queryString = $command . ($queryParameters ? '?' . http_build_query($queryParameters) : '');
return new Arguments($queryString, $command, $argv, $argc); return new Arguments($queryString, $command, $argv, $argc);
} }
}
/**
* Strip zrl parameter from a string.
*
* @param string $queryString The input string.
*
* @return string The zrl.
*/
public function stripZRLs(string $queryString)
{
return preg_replace('/[?&]zrl=(.*?)(&|$)/ism', '$2', $queryString);
}
/**
* Strip query parameter from a string.
*
* @param string $queryString The input string.
* @param string $param
*
* @return string The query parameter.
*/
public function stripQueryParam(string $queryString, string $param)
{
return preg_replace('/[?&]' . $param . '=(.*?)(&|$)/ism', '$2', $queryString);
}
}

View file

@ -75,7 +75,7 @@ class ApiTest extends FixtureTest
$this->app = DI::app(); $this->app = DI::app();
$this->app->argc = 1; $this->app->argc = 1;
$this->app->argv = ['home']; $this->app->argv = [''];
// User data that the test database is populated with // User data that the test database is populated with
$this->selfUser = [ $this->selfUser = [

View file

@ -45,8 +45,8 @@ class ArgumentsTest extends TestCase
$this->assertArguments([ $this->assertArguments([
'queryString' => '', 'queryString' => '',
'command' => '', 'command' => '',
'argv' => ['home'], 'argv' => [],
'argc' => 1, 'argc' => 0,
], ],
$arguments); $arguments);
} }
@ -55,34 +55,6 @@ class ArgumentsTest extends TestCase
{ {
return [ return [
'withPagename' => [ 'withPagename' => [
'assert' => [
'queryString' => 'profile/test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'],
'argc' => 3,
],
'server' => [
'QUERY_STRING' => 'pagename=profile/test/it?arg1=value1&arg2=value2',
],
'get' => [
'pagename' => 'profile/test/it',
],
],
'withQ' => [
'assert' => [
'queryString' => 'profile/test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'],
'argc' => 3,
],
'server' => [
'QUERY_STRING' => 'q=profile/test/it?arg1=value1&arg2=value2',
],
'get' => [
'q' => 'profile/test/it',
],
],
'withWrongDelimiter' => [
'assert' => [ 'assert' => [
'queryString' => 'profile/test/it?arg1=value1&arg2=value2', 'queryString' => 'profile/test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it', 'command' => 'profile/test/it',
@ -99,12 +71,12 @@ class ArgumentsTest extends TestCase
'withUnixHomeDir' => [ 'withUnixHomeDir' => [
'assert' => [ 'assert' => [
'queryString' => '~test/it?arg1=value1&arg2=value2', 'queryString' => '~test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it', 'command' => '~test/it',
'argv' => ['profile', 'test', 'it'], 'argv' => ['~test', 'it'],
'argc' => 3, 'argc' => 2,
], ],
'server' => [ 'server' => [
'QUERY_STRING' => 'pagename=~test/it?arg1=value1&arg2=value2', 'QUERY_STRING' => 'pagename=~test/it&arg1=value1&arg2=value2',
], ],
'get' => [ 'get' => [
'pagename' => '~test/it', 'pagename' => '~test/it',
@ -113,12 +85,12 @@ class ArgumentsTest extends TestCase
'withDiasporaHomeDir' => [ 'withDiasporaHomeDir' => [
'assert' => [ 'assert' => [
'queryString' => 'u/test/it?arg1=value1&arg2=value2', 'queryString' => 'u/test/it?arg1=value1&arg2=value2',
'command' => 'profile/test/it', 'command' => 'u/test/it',
'argv' => ['profile', 'test', 'it'], 'argv' => ['u', 'test', 'it'],
'argc' => 3, 'argc' => 3,
], ],
'server' => [ 'server' => [
'QUERY_STRING' => 'pagename=u/test/it?arg1=value1&arg2=value2', 'QUERY_STRING' => 'pagename=u/test/it&arg1=value1&arg2=value2',
], ],
'get' => [ 'get' => [
'pagename' => 'u/test/it', 'pagename' => 'u/test/it',
@ -126,13 +98,13 @@ class ArgumentsTest extends TestCase
], ],
'withTrailingSlash' => [ 'withTrailingSlash' => [
'assert' => [ 'assert' => [
'queryString' => 'profile/test/it?arg1=value1&arg2=value2/', 'queryString' => 'profile/test/it?arg1=value1&arg2=value2%2F',
'command' => 'profile/test/it', 'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'], 'argv' => ['profile', 'test', 'it'],
'argc' => 3, 'argc' => 3,
], ],
'server' => [ 'server' => [
'QUERY_STRING' => 'pagename=profile/test/it?arg1=value1&arg2=value2/', 'QUERY_STRING' => 'pagename=profile/test/it&arg1=value1&arg2=value2/',
], ],
'get' => [ 'get' => [
'pagename' => 'profile/test/it', 'pagename' => 'profile/test/it',
@ -140,14 +112,13 @@ class ArgumentsTest extends TestCase
], ],
'withWrongQueryString' => [ 'withWrongQueryString' => [
'assert' => [ 'assert' => [
// empty query string?! 'queryString' => 'profile/test/it?wrong=profile%2Ftest%2Fit&arg1=value1&arg2=value2%2F',
'queryString' => '',
'command' => 'profile/test/it', 'command' => 'profile/test/it',
'argv' => ['profile', 'test', 'it'], 'argv' => ['profile', 'test', 'it'],
'argc' => 3, 'argc' => 3,
], ],
'server' => [ 'server' => [
'QUERY_STRING' => 'wrong=profile/test/it?arg1=value1&arg2=value2/', 'QUERY_STRING' => 'wrong=profile/test/it&arg1=value1&arg2=value2/',
], ],
'get' => [ 'get' => [
'pagename' => 'profile/test/it', 'pagename' => 'profile/test/it',
@ -155,17 +126,44 @@ class ArgumentsTest extends TestCase
], ],
'withMissingPageName' => [ 'withMissingPageName' => [
'assert' => [ 'assert' => [
'queryString' => 'notvalid/it?arg1=value1&arg2=value2/', 'queryString' => 'notvalid/it?arg1=value1&arg2=value2%2F',
'command' => App\Module::DEFAULT, 'command' => 'notvalid/it',
'argv' => [App\Module::DEFAULT], 'argv' => ['notvalid', 'it'],
'argc' => 1, 'argc' => 2,
], ],
'server' => [ 'server' => [
'QUERY_STRING' => 'pagename=notvalid/it?arg1=value1&arg2=value2/', 'QUERY_STRING' => 'pagename=notvalid/it&arg1=value1&arg2=value2/',
], ],
'get' => [ 'get' => [
], ],
], ],
'withNothing' => [
'assert' => [
'queryString' => '?arg1=value1&arg2=value2%2F',
'command' => '',
'argv' => [],
'argc' => 0,
],
'server' => [
'QUERY_STRING' => 'arg1=value1&arg2=value2/',
],
'get' => [
],
],
'withFileExtension' => [
'assert' => [
'queryString' => 'api/call.json',
'command' => 'api/call.json',
'argv' => ['api', 'call.json'],
'argc' => 2,
],
'server' => [
'QUERY_STRING' => 'pagename=api/call.json',
],
'get' => [
'pagename' => 'api/call.json'
],
],
]; ];
} }
@ -207,27 +205,27 @@ class ArgumentsTest extends TestCase
return [ return [
'strippedZRLFirst' => [ 'strippedZRLFirst' => [
'assert' => '?arg1=value1', 'assert' => '?arg1=value1',
'input' => '?zrl=nope&arg1=value1', 'input' => '&zrl=nope&arg1=value1',
], ],
'strippedZRLLast' => [ 'strippedZRLLast' => [
'assert' => '?arg1=value1', 'assert' => '?arg1=value1',
'input' => '?arg1=value1&zrl=nope', 'input' => '&arg1=value1&zrl=nope',
], ],
'strippedZTLMiddle' => [ 'strippedZTLMiddle' => [
'assert' => '?arg1=value1&arg2=value2', 'assert' => '?arg1=value1&arg2=value2',
'input' => '?arg1=value1&zrl=nope&arg2=value2', 'input' => '&arg1=value1&zrl=nope&arg2=value2',
], ],
'strippedOWTFirst' => [ 'strippedOWTFirst' => [
'assert' => '?arg1=value1', 'assert' => '?arg1=value1',
'input' => '?owt=test&arg1=value1', 'input' => '&owt=test&arg1=value1',
], ],
'strippedOWTLast' => [ 'strippedOWTLast' => [
'assert' => '?arg1=value1', 'assert' => '?arg1=value1',
'input' => '?arg1=value1&owt=test', 'input' => '&arg1=value1&owt=test',
], ],
'strippedOWTMiddle' => [ 'strippedOWTMiddle' => [
'assert' => '?arg1=value1&arg2=value2', 'assert' => '?arg1=value1&arg2=value2',
'input' => '?arg1=value1&owt=test&arg2=value2', 'input' => '&arg1=value1&owt=test&arg2=value2',
], ],
]; ];
} }
@ -242,7 +240,7 @@ class ArgumentsTest extends TestCase
$command = 'test/it'; $command = 'test/it';
$arguments = (new App\Arguments()) $arguments = (new App\Arguments())
->determine(['QUERY_STRING' => 'q=' . $command . $input,], ['pagename' => $command]); ->determine(['QUERY_STRING' => 'pagename=' . $command . $input,], ['pagename' => $command]);
$this->assertEquals($command . $assert, $arguments->getQueryString()); $this->assertEquals($command . $assert, $arguments->getQueryString());
} }