NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commit5782c78

committed

Generate url-safe signatures

1 parent136bde3 commit5782c78Copy full SHA for 5782c78

File tree

8 files changed

+25

-18

lines changed

src/Symfony
- Bridge/Twig/Tests/Extension
  - HttpKernelExtensionTest.php
- Bundle/FrameworkBundle/Tests/Functional
  - FragmentTest.php
- Component
  - HttpFoundation
    - Tests
      - UriSignerTest.php
    - UriSigner.php
  - HttpKernel
    - Tests/Fragment
    - composer.json

8 files changed

+25

-18

lines changed

`‎src/Symfony/Bridge/Twig/Tests/Extension/HttpKernelExtensionTest.php‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ public function testGenerateFragmentUri()`
`80`	`80`	`]);`
`81`	`81`	`$twig->addRuntimeLoader($loader);`
`82`	`82`
`83`		`-$this->assertSame('/_fragment?_hash=XCg0hX8QzSwik8Xuu9aMXhoCeI4oJOob7lUVacyOtyY%3D&_path=template%3Dfoo.html.twig%26_format%3Dhtml%26_locale%3Den%26_controller%3DSymfony%255CBundle%255CFrameworkBundle%255CController%255CTemplateController%253A%253AtemplateAction',$twig->render('index'));`
	`83`	`+$this->assertSame('/_fragment?_hash=XCg0hX8QzSwik8Xuu9aMXhoCeI4oJOob7lUVacyOtyY&_path=template%3Dfoo.html.twig%26_format%3Dhtml%26_locale%3Den%26_controller%3DSymfony%255CBundle%255CFrameworkBundle%255CController%255CTemplateController%253A%253AtemplateAction',$twig->render('index'));`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`protectedfunctiongetFragmentHandler($returnOrException):FragmentHandler`

`‎src/Symfony/Bundle/FrameworkBundle/Tests/Functional/FragmentTest.php‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,6 @@ public function testGenerateFragmentUri()`
`50`	`50`	`$client =self::createClient(['test_case' =>'Fragment','root_config' =>'config.yml','debug' =>true]);`
`51`	`51`	`$client->request('GET','/fragment_uri');`
`52`	`52`
`53`		`-$this->assertSame('/_fragment?_hash=CCRGN2D%2FoAJbeGz%2F%2FdoH3bNSPwLCrmwC1zAYCGIKJ0E%3D&_path=_format%3Dhtml%26_locale%3Den%26_controller%3DSymfony%255CBundle%255CFrameworkBundle%255CTests%255CFunctional%255CBundle%255CTestBundle%255CController%255CFragmentController%253A%253AindexAction',$client->getResponse()->getContent());`
	`53`	`+$this->assertSame('/_fragment?_hash=CCRGN2D_oAJbeGz__doH3bNSPwLCrmwC1zAYCGIKJ0E&_path=_format%3Dhtml%26_locale%3Den%26_controller%3DSymfony%255CBundle%255CFrameworkBundle%255CTests%255CFunctional%255CBundle%255CTestBundle%255CController%255CFragmentController%253A%253AindexAction',$client->getResponse()->getContent());`
`54`	`54`	`}`
`55`	`55`	`}`

`‎src/Symfony/Component/HttpFoundation/Tests/UriSignerTest.php‎`

Lines changed: 12 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -70,13 +70,13 @@ public function testCheckWithDifferentArgSeparator()`
`70`	`70`	`$signer =newUriSigner('foobar');`
`71`	`71`
`72`	`72`	`$this->assertSame(`
`73`		`-'http://example.com/foo?_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D&baz=bay&foo=bar',`
	`73`	`+'http://example.com/foo?_hash=rIOcC_F3DoEGo_vnESjSp7uU9zA9S_-OLhxgMexoPUM&baz=bay&foo=bar',`
`74`	`74`	`$signer->sign('http://example.com/foo?foo=bar&baz=bay')`
`75`	`75`	`);`
`76`	`76`	`$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));`
`77`	`77`
`78`	`78`	`$this->assertSame(`
`79`		`-'http://example.com/foo?_expiration=2145916800&_hash=xLhnPMzV3KqqHaaUffBUJvtRDAZ4%2FZ9Y8Sw%2BgmS%2B82Q%3D&baz=bay&foo=bar',`
	`79`	`+'http://example.com/foo?_expiration=2145916800&_hash=xLhnPMzV3KqqHaaUffBUJvtRDAZ4_Z9Y8Sw-gmS-82Q&baz=bay&foo=bar',`
`80`	`80`	`$signer->sign('http://example.com/foo?foo=bar&baz=bay',new \DateTimeImmutable('2038-01-01 00:00:00',new \DateTimeZone('UTC')))`
`81`	`81`	`);`
`82`	`82`	`$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay',new \DateTimeImmutable('2099-01-01 00:00:00'))));`
`@@ -103,13 +103,13 @@ public function testCheckWithDifferentParameter()`
`103`	`103`	`$signer =newUriSigner('foobar','qux','abc');`
`104`	`104`
`105`	`105`	`$this->assertSame(`
`106`		`-'http://example.com/foo?baz=bay&foo=bar&qux=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D',`
	`106`	`+'http://example.com/foo?baz=bay&foo=bar&qux=rIOcC_F3DoEGo_vnESjSp7uU9zA9S_-OLhxgMexoPUM',`
`107`	`107`	`$signer->sign('http://example.com/foo?foo=bar&baz=bay')`
`108`	`108`	`);`
`109`	`109`	`$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));`
`110`	`110`
`111`	`111`	`$this->assertSame(`
`112`		`-'http://example.com/foo?abc=2145916800&baz=bay&foo=bar&qux=kE4rK2MzeiwrYAKy%2B%2FGKvKA6bnzqCbACBdpC3yGnPVU%3D',`
	`112`	`+'http://example.com/foo?abc=2145916800&baz=bay&foo=bar&qux=kE4rK2MzeiwrYAKy-_GKvKA6bnzqCbACBdpC3yGnPVU',`
`113`	`113`	`$signer->sign('http://example.com/foo?foo=bar&baz=bay',new \DateTimeImmutable('2038-01-01 00:00:00',new \DateTimeZone('UTC')))`
`114`	`114`	`);`
`115`	`115`	`$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay',new \DateTimeImmutable('2099-01-01 00:00:00'))));`
`@@ -120,14 +120,14 @@ public function testSignerWorksWithFragments()`
`120`	`120`	`$signer =newUriSigner('foobar');`
`121`	`121`
`122`	`122`	`$this->assertSame(`
`123`		`-'http://example.com/foo?_hash=EhpAUyEobiM3QTrKxoLOtQq5IsWyWedoXDPqIjzNj5o%3D&bar=foo&foo=bar#foobar',`
	`123`	`+'http://example.com/foo?_hash=EhpAUyEobiM3QTrKxoLOtQq5IsWyWedoXDPqIjzNj5o&bar=foo&foo=bar#foobar',`
`124`	`124`	`$signer->sign('http://example.com/foo?bar=foo&foo=bar#foobar')`
`125`	`125`	`);`
`126`	`126`
`127`	`127`	`$this->assertTrue($signer->check($signer->sign('http://example.com/foo?bar=foo&foo=bar#foobar')));`
`128`	`128`
`129`	`129`	`$this->assertSame(`
`130`		`-'http://example.com/foo?_expiration=2145916800&_hash=jTdrIE9MJSorNpQmkX6tmOtocxXtHDzIJawcAW4IFYo%3D&bar=foo&foo=bar#foobar',`
	`130`	`+'http://example.com/foo?_expiration=2145916800&_hash=jTdrIE9MJSorNpQmkX6tmOtocxXtHDzIJawcAW4IFYo&bar=foo&foo=bar#foobar',`
`131`	`131`	`$signer->sign('http://example.com/foo?bar=foo&foo=bar#foobar',new \DateTimeImmutable('2038-01-01 00:00:00',new \DateTimeZone('UTC')))`
`132`	`132`	`);`
`133`	`133`
`@@ -198,4 +198,10 @@ public function testCheckWithUriExpiration()`
`198`	`198`	`$this->assertFalse($signer->check($relativeUriFromNow2));`
`199`	`199`	`$this->assertFalse($signer->check($relativeUriFromNow3));`
`200`	`200`	`}`
	`201`	`+`
	`202`	`+publicfunctiontestNonUrlSafeBase64()`
	`203`	`+ {`
	`204`	`+$signer =newUriSigner('foobar');`
	`205`	`+$this->assertTrue($signer->check('http://example.com/foo?_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D&baz=bay&foo=bar'));`
	`206`	`+ }`
`201`	`207`	`}`

`‎src/Symfony/Component/HttpFoundation/UriSigner.php‎`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ public function __construct(`
`46`	`46`	`*`
`47`	`47`	`* The expiration is added as a query string parameter.`
`48`	`48`	`*/`
`49`		`-publicfunctionsign(string$uri/, \DateTimeInterface\|\DateInterval\|int\|null $expiration = null/):string`
	`49`	`+publicfunctionsign(string$uri/, \DateTimeInterface\|\DateInterval\|int\|null $expiration = null/):string`
`50`	`50`	`{`
`51`	`51`	`$expiration =null;`
`52`	`52`
`@@ -55,7 +55,7 @@ public function sign(string $uri/*, \DateTimeInterface\|\DateInterval\|int\|null $e`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`if (null !==$expiration && !$expirationinstanceof \DateTimeInterface && !$expirationinstanceof \DateInterval && !\is_int($expiration)) {`
`58`		`-thrownew \TypeError(\sprintf('The second argument of %s() must be an instance of%s or%s, an integer or null (%s given).',__METHOD__, \DateTimeInterface::class, \DateInterval::class,get_debug_type($expiration)));`
	`58`	`+thrownew \TypeError(\sprintf('The second argument of"%s()" must be an instance of"%s" or"%s", an integer or null (%s given).',__METHOD__, \DateTimeInterface::class, \DateInterval::class,get_debug_type($expiration)));`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`$url =parse_url($uri);`
`@@ -103,7 +103,8 @@ public function check(string $uri): bool`
`103`	`103`	`$hash =$params[$this->hashParameter];`
`104`	`104`	`unset($params[$this->hashParameter]);`
`105`	`105`
`106`		`-if (!hash_equals($this->computeHash($this->buildUrl($url,$params)),$hash)) {`
	`106`	`+// In 8.0, remove support for non-url-safe tokens`
	`107`	`+if (!hash_equals($this->computeHash($this->buildUrl($url,$params)),strtr(rtrim($hash,'='), ['/' =>'_','+' =>'-']))) {`
`107`	`108`	`returnfalse;`
`108`	`109`	`}`
`109`	`110`
`@@ -124,7 +125,7 @@ public function checkRequest(Request $request): bool`
`124`	`125`
`125`	`126`	`privatefunctioncomputeHash(string$uri):string`
`126`	`127`	`{`
`127`		`-returnbase64_encode(hash_hmac('sha256',$uri,$this->secret,true));`
	`128`	`+returnstrtr(rtrim(base64_encode(hash_hmac('sha256',$uri,$this->secret,true)),'='), ['/' =>'_','+' =>'-']);`
`128`	`129`	`}`
`129`	`130`
`130`	`131`	`privatefunctionbuildUrl(array$url,array$params = []):string`

`‎src/Symfony/Component/HttpKernel/Tests/Fragment/EsiFragmentRendererTest.php‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ public function testRenderControllerReference()`
`61`	`61`	`$altReference =newControllerReference('alt_controller', [], []);`
`62`	`62`
`63`	`63`	`$this->assertEquals(`
`64`		`-'<esi:include src="/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" alt="/_fragment?_hash=iPJEdRoUpGrM1ztqByiorpfMPtiW%2FOWwdH1DBUXHhEc%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller" />',`
	`64`	`+'<esi:include src="/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" alt="/_fragment?_hash=iPJEdRoUpGrM1ztqByiorpfMPtiW_OWwdH1DBUXHhEc&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller" />',`
`65`	`65`	`$strategy->render($reference,$request, ['alt' =>$altReference])->getContent()`
`66`	`66`	`);`
`67`	`67`	`}`
`@@ -79,7 +79,7 @@ public function testRenderControllerReferenceWithAbsoluteUri()`
`79`	`79`	`$altReference =newControllerReference('alt_controller', [], []);`
`80`	`80`
`81`	`81`	`$this->assertSame(`
`82`		`-'<esi:include src="http://localhost/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" alt="http://localhost/_fragment?_hash=iPJEdRoUpGrM1ztqByiorpfMPtiW%2FOWwdH1DBUXHhEc%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller" />',`
	`82`	`+'<esi:include src="http://localhost/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" alt="http://localhost/_fragment?_hash=iPJEdRoUpGrM1ztqByiorpfMPtiW_OWwdH1DBUXHhEc&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller" />',`
`83`	`83`	`$strategy->render($reference,$request, ['alt' =>$altReference,'absolute_uri' =>true])->getContent()`
`84`	`84`	`);`
`85`	`85`	`}`

`‎src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ public function testRenderWithControllerAndSigner()`
`32`	`32`	`{`
`33`	`33`	`$strategy =newHIncludeFragmentRenderer(null,newUriSigner('foo'));`
`34`	`34`
`35`		`-$this->assertEquals('<hx:include src="/_fragment?_hash=BP%2BOzCD5MRUI%2BHJpgPDOmoju00FnzLhP3TGcSHbbBLs%3D&_path=_format%3Dhtml%26_locale%3Den%26_controller%3Dmain_controller"></hx:include>',$strategy->render(newControllerReference('main_controller', [], []), Request::create('/'))->getContent());`
	`35`	`+$this->assertEquals('<hx:include src="/_fragment?_hash=BP-OzCD5MRUI-HJpgPDOmoju00FnzLhP3TGcSHbbBLs&_path=_format%3Dhtml%26_locale%3Den%26_controller%3Dmain_controller"></hx:include>',$strategy->render(newControllerReference('main_controller', [], []), Request::create('/'))->getContent());`
`36`	`36`	`}`
`37`	`37`
`38`	`38`	`publicfunctiontestRenderWithUri()`

`‎src/Symfony/Component/HttpKernel/Tests/Fragment/SsiFragmentRendererTest.php‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public function testRenderControllerReference()`
`52`	`52`	`$altReference =newControllerReference('alt_controller', [], []);`
`53`	`53`
`54`	`54`	`$this->assertEquals(`
`55`		`-'<!--#include virtual="/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" -->',`
	`55`	`+'<!--#include virtual="/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" -->',`
`56`	`56`	`$strategy->render($reference,$request, ['alt' =>$altReference])->getContent()`
`57`	`57`	`);`
`58`	`58`	`}`
`@@ -70,7 +70,7 @@ public function testRenderControllerReferenceWithAbsoluteUri()`
`70`	`70`	`$altReference =newControllerReference('alt_controller', [], []);`
`71`	`71`
`72`	`72`	`$this->assertSame(`
`73`		`-'<!--#include virtual="http://localhost/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w%3D&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" -->',`
	`73`	`+'<!--#include virtual="http://localhost/_fragment?_hash=Jz1P8NErmhKTeI6onI1EdAXTB85359MY3RIk5mSJ60w&_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" -->',`
`74`	`74`	`$strategy->render($reference,$request, ['alt' =>$altReference,'absolute_uri' =>true])->getContent()`
`75`	`75`	`);`
`76`	`76`	`}`

`‎src/Symfony/Component/HttpKernel/composer.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`"symfony/deprecation-contracts":"^2.5\|^3",`
`21`	`21`	`"symfony/error-handler":"^6.4\|^7.0",`
`22`	`22`	`"symfony/event-dispatcher":"^6.4\|^7.0",`
`23`		`-"symfony/http-foundation":"^6.4\|^7.0",`
	`23`	`+"symfony/http-foundation":"^7.3",`
`24`	`24`	`"symfony/polyfill-ctype":"^1.8",`
`25`	`25`	`"psr/log":"^1\|^2\|^3"`
`26`	`26`	`},`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit5782c78

File tree

8 files changed

8 files changed

`‎src/Symfony/Bridge/Twig/Tests/Extension/HttpKernelExtensionTest.php‎`

`‎src/Symfony/Bundle/FrameworkBundle/Tests/Functional/FragmentTest.php‎`

`‎src/Symfony/Component/HttpFoundation/Tests/UriSignerTest.php‎`

`‎src/Symfony/Component/HttpFoundation/UriSigner.php‎`

`‎src/Symfony/Component/HttpKernel/Tests/Fragment/EsiFragmentRendererTest.php‎`

`‎src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php‎`

`‎src/Symfony/Component/HttpKernel/Tests/Fragment/SsiFragmentRendererTest.php‎`

`‎src/Symfony/Component/HttpKernel/composer.json‎`

0 commit comments