Merge pull request #1307 from NatLibFi/issue1289-sanitize-lang-url
Sanitize language switching URLs
osma authored Apr 26, 2022
2 parents 9b3aa64 + fe9e356 commit e6ec026
Showing 2 changed files with 36 additions and 1 deletion.
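--- a/model/Request.php
+++ b/model/Request.php
@@ -179,10 +179,13 @@ public function getRequestUri()
 */
 public function getLangUrl($newlang=null)
 {
-$langurl = substr(str_replace(str_replace('/index.php', '', $this->getServerConstant('SCRIPT_NAME')), '', $this->getServerConstant('REQUEST_URI')), 1);
+$script_name = str_replace('/index.php', '', $this->getServerConstant('SCRIPT_NAME'));
+$langurl = substr(str_replace($script_name, '', $this->getServerConstant('REQUEST_URI')), 1);
 if ($newlang !== null) {
 $langurl = preg_replace("#^(.*/)?{$this->lang}/#", "$1{$newlang}/", $langurl);
 }
+// make sure that the resulting URL isn't interpreted as an absolute URL
+$langurl = str_replace(":", "", $langurl);
 return $langurl;
 }
 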
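Review bot: Removing only `:` at the end of getLangUrl() does not cover every way a relative link can point off-site: a value that still begins with `//` (or with a backslash, which browsers treat as a slash) is resolved as a network-path reference to another host. Because `substr(..., 1)` drops just one leading character, a REQUEST_URI with repeated slashes after the script prefix would presumably reach the `return` with such a prefix; adding `$langurl = ltrim($langurl, '/\\');` next to the colon strip would close that. The strip also runs over the whole REQUEST_URI, query string included, so a legitimate unencoded colon in a parameter is silently dropped. How the returned value is escaped where it is rendered is not visible in this hunk and should be confirmed.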
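--- a/tests/RequestTest.php
+++ b/tests/RequestTest.php
@@ -186,6 +186,16 @@ public function testGetLangUrlNoParamVocab() {
 $this->assertEquals("myvocab/en/", $langurl);
 }
 
+/**
+* @covers Request::getLangUrl
+*/
+public function testGetLangUrlNoParamVocabIndex() {
+$this->request->setServerConstant('SCRIPT_NAME', '/Skosmos/index.php');
+$this->request->setServerConstant('REQUEST_URI', '/Skosmos/myvocab/en/index');
+$langurl = $this->request->getLangUrl();
+$this->assertEquals("myvocab/en/index", $langurl);
+}
+
 /**
 * @covers Request::getLangUrl
 */
@@ -208,4 +218,26 @@ public function testGetLangUrlNewLangVocab() {
 $this->assertEquals("myvocab/sv/", $langurl);
 }
 
+/**
+* @covers Request::getLangUrl
+*/
+public function testGetLangUrlNewLangVocabIndex() {
+$this->request->setServerConstant('SCRIPT_NAME', '/Skosmos/index.php');
+$this->request->setServerConstant('REQUEST_URI', '/Skosmos/myvocab/en/index');
+$this->request->setLang('en');
+$langurl = $this->request->getLangUrl("sv");
+$this->assertEquals("myvocab/sv/index", $langurl);
+}
+
+/**
+* @covers Request::getLangUrl
+*/
+public function testGetLangUrlSanitizeSpecialChars() {
+$this->request->setServerConstant('SCRIPT_NAME', '/Skosmos/index.php');
+$this->request->setServerConstant('REQUEST_URI', '/Skosmos/http://example.com');
+$this->request->setLang('en');
+$langurl = $this->request->getLangUrl();
+$this->assertEquals("http//example.com", $langurl);
+}
+
 }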
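Review bot: testGetLangUrlSanitizeSpecialChars pins only the colon case (`http//example.com`), so despite its broader name it covers the sanitising behaviour of getLangUrl() for a single character. A sibling case whose REQUEST_URI leaves leading slashes after the `/Skosmos` prefix, asserting `$this->assertStringStartsNotWith('/', $langurl);`, would record whether scheme-less absolute references are handled. A further case with a colon in the query string would document that stripping it there is intended. The test class itself begins outside these hunks.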
