Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit944e60f

Browse files
nicolas-grekasmichaelcullum
authored andcommitted
[HttpFoundation] reject invalid method override
1 parentb7bdf2c commit944e60f

File tree

1 file changed

+29
-14
lines changed

1 file changed

+29
-14
lines changed

‎src/Symfony/Component/HttpFoundation/Request.php

Lines changed: 29 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1346,22 +1346,37 @@ public function setMethod($method)
13461346
*/
13471347
publicfunctiongetMethod()
13481348
{
1349-
if (null ===$this->method) {
1350-
$this->method =strtoupper($this->server->get('REQUEST_METHOD','GET'));
1351-
1352-
if ('POST' ===$this->method) {
1353-
if ($method =$this->headers->get('X-HTTP-METHOD-OVERRIDE')) {
1354-
$this->method =strtoupper($method);
1355-
}elseif (self::$httpMethodParameterOverride) {
1356-
$method =$this->request->get('_method',$this->query->get('_method','POST'));
1357-
if (\is_string($method)) {
1358-
$this->method =strtoupper($method);
1359-
}
1360-
}
1361-
}
1349+
if (null !==$this->method) {
1350+
return$this->method;
1351+
}
1352+
1353+
$this->method =strtoupper($this->server->get('REQUEST_METHOD','GET'));
1354+
1355+
if ('POST' !==$this->method) {
1356+
return$this->method;
1357+
}
1358+
1359+
$method =$this->headers->get('X-HTTP-METHOD-OVERRIDE');
1360+
1361+
if (!$method &&self::$httpMethodParameterOverride) {
1362+
$method =$this->request->get('_method',$this->query->get('_method','POST'));
1363+
}
1364+
1365+
if (!\is_string($method)) {
1366+
return$this->method;
1367+
}
1368+
1369+
$method =strtoupper($method);
1370+
1371+
if (\in_array($method, ['GET','HEAD','POST','PUT','DELETE','CONNECT','OPTIONS','PATCH','PURGE','TRACE'],true)) {
1372+
return$this->method =$method;
1373+
}
1374+
1375+
if (!preg_match('/^[A-Z]++$/D',$method)) {
1376+
thrownewSuspiciousOperationException(sprintf('Invalid method override "%s".',$method));
13621377
}
13631378

1364-
return$this->method;
1379+
return$this->method =$method;
13651380
}
13661381

13671382
/**

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp