diff --git a/src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php b/src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php
index afe5cb163d986..14c6aa63d1f83 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php
@@ -83,8 +83,7 @@ protected function validateRequest(Request $request)
}
// is the Request signed?
- // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
- if ($this->signer->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().(null !== ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : ''))) {
+ if ($this->signer->checkRequest($request)) {
return;
}
diff --git a/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php b/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
index b2eb59206ba03..4801776cce146 100644
--- a/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
@@ -12,6 +12,7 @@
namespace Symfony\Component\HttpKernel\Tests;
use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\UriSigner;
class UriSignerTest extends TestCase
@@ -52,6 +53,15 @@ public function testCheckWithDifferentArgSeparator()
$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
}
+ public function testCheckWithRequest()
+ {
+ $signer = new UriSigner('foobar');
+
+ $this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo'))));
+ $this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar'))));
+ $this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar&0=integer'))));
+ }
+
public function testCheckWithDifferentParameter()
{
$signer = new UriSigner('foobar', 'qux');
diff --git a/src/Symfony/Component/HttpKernel/UriSigner.php b/src/Symfony/Component/HttpKernel/UriSigner.php
index 4dfb2bbefca6f..df08dd69fce12 100644
--- a/src/Symfony/Component/HttpKernel/UriSigner.php
+++ b/src/Symfony/Component/HttpKernel/UriSigner.php
@@ -11,6 +11,8 @@
namespace Symfony\Component\HttpKernel;
+use Symfony\Component\HttpFoundation\Request;
+
/**
* Signs URIs.
*
@@ -78,6 +80,14 @@ public function check(string $uri)
return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
}
+ public function checkRequest(Request $request): bool
+ {
+ $qs = ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : '';
+
+ // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
+ return $this->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().$qs);
+ }
+
private function computeHash(string $uri): string
{
return base64_encode(hash_hmac('sha256', $uri, $this->secret, true));
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy