tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

BUGFIX Less strict checks for relative URL normalization in SS_HTTPRequest (regression from recent security fixes to Director::is_absolute_url()) (fixes #7359)

Browse Source
This commit is contained in:
Ingo Schommer 2012-05-20 11:16:34 +02:00
parent 18fa9cd03d
commit fedb337aa5
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
control/HTTPRequest.php
View File

@ -90,8 +90,9 @@ class SS_HTTPRequest implements ArrayAccess {
function __construct($httpMethod, $url, $getVars = array(), $postVars = array(), $body = null) { function __construct($httpMethod, $url, $getVars = array(), $postVars = array(), $body = null) {
$this->httpMethod = strtoupper(self::detect_method($httpMethod, $postVars)); $this->httpMethod = strtoupper(self::detect_method($httpMethod, $postVars));
$this->url = $url; $this->url = $url;
if(Director::is_relative_url($url)) { // Normalize URL if its relative (strictly speaking), or has leading slashes
if(Director::is_relative_url($url) || preg_match('/^\//', $url)) {
$this->url = preg_replace(array('/\/+/','/^\//', '/\/$/'),array('/','',''), $this->url); $this->url = preg_replace(array('/\/+/','/^\//', '/\/$/'),array('/','',''), $this->url);
} }
if(preg_match('/^(.*)\.([A-Za-z][A-Za-z0-9]*)$/', $this->url, $matches)) { if(preg_match('/^(.*)\.([A-Za-z][A-Za-z0-9]*)$/', $this->url, $matches)) {