Skip to content

[HttpKernel] fix HInclude src (closes #8951) #8960

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 8, 2013
Merged

[HttpKernel] fix HInclude src (closes #8951) #8960

merged 1 commit into from
Sep 8, 2013

Conversation

fabpot
Copy link
Member

@fabpot fabpot commented Sep 8, 2013

Q A
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #8951
License MIT
Doc PR n/a

fixes a regression introduced in #8879

@fabpot fabpot mentioned this pull request Sep 8, 2013
Closed
fabpot added a commit that referenced this pull request Sep 8, 2013
@fabpot
merged branch fabpot/hinclude-signer (PR #8960)
d4236ca 
This PR was merged into the 2.2 branch.

Discussion
----------

[HttpKernel] fix HInclude src (closes #8951)

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #8951
| License       | MIT
| Doc PR        | n/a

fixes a regression introduced in #8879

Commits
-------

49f5027 [HttpKernel] fixer HInclude src (closes #8951)
@fabpot fabpot merged commit 49f5027 into symfony:2.2 Sep 8, 2013
Tobion
Tobion reviewed Sep 8, 2013
View reviewed changes
src/Symfony/Component/HttpKernel/Fragment/HIncludeFragmentRenderer.php
@@ -80,7 +80,8 @@ public function render($uri, Request $request, array $options = array())
throw new \LogicException('You must use a proper URI when using the Hinclude rendering strategy or set a URL signer.');
}

$uri = $this->signer->sign($this->generateFragmentUri($uri, $request));
// we need to sign the absolute URI, but want to return the path only.
$uri = str_replace($request->getSchemeAndHttpHost(), '', $this->signer->sign($this->generateFragmentUri($uri, $request, true)));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not something like substr(..., strlen($request->getSchemeAndHttpHost()))
Seems more safe and reliable

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because the chars of scheme and host could possible be in the path as well, replacing them there by accident as well

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right, done in dc762e1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fabpot @Tobion