From 52c6c226c08726fc8c2e01af77f598a3db5efc64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sessing=C3=B8?=
Date: Thu, 1 Apr 2021 03:04:32 +0200
Subject: [PATCH] [BUGFIX] Fixed issue with BaseCsrfVerifier matching urls against urls with parameters. - Added optional $includeParams parameter to Url::getRelativeUrl method.
---
 src/Pecee/Http/Middleware/BaseCsrfVerifier.php | 6 +++---
 src/Pecee/Http/Middleware/IpRestrictAccess.php | 4 ++++
 src/Pecee/Http/Url.php | 7 ++++++-
 src/Pecee/SimpleRouter/Route/RouteGroup.php | 1 -
 src/Pecee/SimpleRouter/SimpleRouter.php | 4 ++--
 5 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index f42c94e..edfbd84 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -50,12 +50,12 @@ class BaseCsrfVerifier implements IMiddleware
 $url = rtrim($url, '*');
 $skip = $request->getUrl()->contains($url);
 } else {
- $skip = ($url === $request->getUrl()->getOriginalUrl());
+ $skip = ($url === $request->getUrl()->getRelativeUrl(false));
 }
 if ($skip === true) {
- if($this->include !== null && count($this->include) > 0) {
+ if(is_array($this->include) === true && count($this->include) > 0) {
 foreach($this->include as $includeUrl) {
 $includeUrl = rtrim($includeUrl, '/');
 if ($includeUrl[strlen($includeUrl) - 1] === '*') {
@@ -64,7 +64,7 @@ class BaseCsrfVerifier implements IMiddleware
 break;
 }
- $skip = !($includeUrl === $request->getUrl()->getOriginalUrl());
+ $skip = !($includeUrl === $request->getUrl()->getRelativeUrl(false));
 }
 }
diff --git a/src/Pecee/Http/Middleware/IpRestrictAccess.php b/src/Pecee/Http/Middleware/IpRestrictAccess.php
index 483ce22..23fdc35 100644
--- a/src/Pecee/Http/Middleware/IpRestrictAccess.php
+++ b/src/Pecee/Http/Middleware/IpRestrictAccess.php
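Review bot: In src/Pecee/Http/Middleware/BaseCsrfVerifier.php (hunk at -50), the wildcard branch two lines above the changed line still decides the exemption with `$request->getUrl()->contains($url)`, so only exact `except` entries stop depending on the query string. If `contains()` is a substring test over the whole URL (its body is not part of this patch), a wildcard exemption can be satisfied by request-controlled text outside the path, and token verification is then skipped for routes that were never meant to be exempt. Anchoring the wildcard to the start of the path keeps both branches consistent, for example `$skip = (strpos($request->getUrl()->getRelativeUrl(false), $url) === 0);`. Because `getRelativeUrl(false)` strips the trailing slash, a pattern such as `/api/*` needs its own trailing slash trimmed before the comparison. The enclosing loop and method start outside the hunk.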
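Review bot: In the second BaseCsrfVerifier.php hunk (at -64), the rewritten `$skip = !($includeUrl === $request->getUrl()->getRelativeUrl(false));` is reassigned on every pass of the `include` loop and, as far as the hunk shows, is followed directly by the loop's closing brace with no `break`. A request that matches an earlier `include` entry is therefore flipped back to skipped by any later entry that does not match, which leaves an explicitly re-included URL without CSRF verification. Stopping at the first match avoids this: `if ($includeUrl === $request->getUrl()->getRelativeUrl(false)) { $skip = false; break; }`. The wildcard branch above appears to have the opposite problem, since its `break` sits at the end of the branch and would run even when the pattern did not match, so later entries are never evaluated. The loop itself starts in the previous hunk.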
@@ -34,6 +34,10 @@ abstract class IpRestrictAccess implements IMiddleware
 return true;
 }
+ /**
+ * @param Request $request
+ * @throws HttpException
+ */
 public function handle(Request $request): void
 {
 if($this->validate((string)$request->getIp()) === false) {
diff --git a/src/Pecee/Http/Url.php b/src/Pecee/Http/Url.php
index fb3c9c9..92be2c7 100644
--- a/src/Pecee/Http/Url.php
+++ b/src/Pecee/Http/Url.php
@@ -427,10 +427,15 @@ class Url implements JsonSerializable
 /**
 * Returns the relative url
 *
+ * @param bool $includeParams
 * @return string
 */
- public function getRelativeUrl(): string
+ public function getRelativeUrl($includeParams = true): string
 {
+ if($includeParams === false) {
+ return rtrim($this->path, '/');
+ }
+
 $params = $this->getQueryString();
 $path = $this->path ?? '';
diff --git a/src/Pecee/SimpleRouter/Route/RouteGroup.php b/src/Pecee/SimpleRouter/Route/RouteGroup.php
index 8233fbc..714acc3 100644
--- a/src/Pecee/SimpleRouter/Route/RouteGroup.php
+++ b/src/Pecee/SimpleRouter/Route/RouteGroup.php
@@ -183,7 +183,6 @@ class RouteGroup extends Route implements IGroupRoute
 */
 public function setSettings(array $settings, bool $merge = false): IRoute
 {
-
 if (isset($settings['prefix']) === true) {
 $this->setPrefix($settings['prefix'] . $this->prefix);
 }
diff --git a/src/Pecee/SimpleRouter/SimpleRouter.php b/src/Pecee/SimpleRouter/SimpleRouter.php
index 74b3a79..f96bf84 100644
--- a/src/Pecee/SimpleRouter/SimpleRouter.php
+++ b/src/Pecee/SimpleRouter/SimpleRouter.php
@@ -4,8 +4,8 @@
 * Router helper class
 * ---------------------------
 *
- * This class is added so calls can be made statically like Router::get() making the code look pretty.
- * It also adds some extra functionality like default-namespace.
+ * This class is added so calls can be made statically like SimpleRouter::get() making the code look pretty.
+ * It also adds some extra functionality like default-namespace etc.
 */
 namespace Pecee\SimpleRouter;
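Review bot: In Url::getRelativeUrl (src/Pecee/Http/Url.php, hunk at -427), the new early return calls `rtrim($this->path, '/')` without the null fallback that the unchanged code two lines below uses (`$this->path ?? ''`), so a Url with no path passes null to rtrim() in a method declared to return string. The new parameter is also untyped although the docblock says bool; a caller passing `0` or `null` would miss the `=== false` branch and get the query string included, which matters now that BaseCsrfVerifier relies on this value for its exemption check. Suggested lines: `public function getRelativeUrl(bool $includeParams = true): string` and `return rtrim($this->path ?? '', '/');`. The docblock should also say that the parameter-less form strips the trailing slash, so the root path comes back as an empty string. The rest of the method body lies outside the hunk.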