Skip to content

Commit

Permalink
Do not decode %2F in path
Browse files Browse the repository at this point in the history
  • Loading branch information
trowski committed Jul 3, 2024
1 parent c0434ad commit a9be25b
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 3 deletions.
10 changes: 9 additions & 1 deletion src/Router.php
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,9 @@ public function handleRequest(Request $request): Response
}

$method = $request->getMethod();
$path = \rawurldecode($request->getUri()->getPath());

$path = \str_ireplace('%2F', '%252F', $request->getUri()->getPath());
$path = \rawurldecode($path);

$toMatch = "{$method}\0{$path}";

Expand Down Expand Up @@ -113,6 +115,12 @@ public function handleRequest(Request $request): Response
}
}

private function decode(string $path): string
{
$path = \str_ireplace('%2F', '%252F', $path);
return \rawurldecode($path);
}

/**
* Merge another router's routes into this router.
*
Expand Down
4 changes: 2 additions & 2 deletions test/RouterTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -214,11 +214,11 @@ public function testPathIsMatchedDecoded(): void
});

$router = new Router($this->server, $this->testLogger, $this->errorHandler);
$router->addRoute("GET", "/fo+ö", $requestHandler);
$router->addRoute("GET", "/fo+%2Fö bar", $requestHandler);

$this->server->start($router, $this->errorHandler);

$uri = "/fo+" . \rawurlencode("ö");
$uri = "/fo+%2F" . \rawurlencode("ö ") . 'bar';

$request = new Request($this->createMock(Client::class), "GET", Uri\Http::createFromString($uri));
$response = $router->handleRequest($request);
Expand Down

0 comments on commit a9be25b

Please sign in to comment.