Skip to content
Snippets Groups Projects
Verified Commit 596d2c09 authored by Dave Long's avatar Dave Long
Browse files

Issue #3416700 by catch, penyaskito, lamp5: Handle invalid compressed...

Issue #3416700 by catch, penyaskito, lamp5: Handle invalid compressed ajax_page_state more gracefully

(cherry picked from commit bfaae1b1)
parent 2e02b4c2
No related branches found
No related tags found
2 merge requests!8376Drupal views: adding more granularity to the ‘use ajax’ functionality,!8300Issue #3443586 View area displays even when parent view has no results.
Pipeline #154571 passed with warnings
+1
......@@ -99,16 +99,23 @@ public static function compressQueryParameter(string $data): string {
* A string as compressed by
* \Drupal\Component\Utility\UrlHelper::compressQueryParameter().
*
* @return string|bool
* The uncompressed data or FALSE on failure.
* @return string
* The uncompressed data, or the original string if it cannot be
* uncompressed.
*/
public static function uncompressQueryParameter(string $compressed): string|bool {
public static function uncompressQueryParameter(string $compressed): string {
if (!\extension_loaded('zlib')) {
return $compressed;
}
// Because this comes from user data, suppress the PHP warning that
// gzcompress() throws if the base64-encoded string is invalid.
return @gzuncompress(base64_decode(str_replace(['-', '_'], ['+', '/'], $compressed)));
$return = @gzuncompress(base64_decode(str_replace(['-', '_'], ['+', '/'], $compressed)));
// If we failed to uncompress the query parameter, it may be a stale link
// from before compression was implemented with the URL parameter
// uncompressed already, or it may be an incorrectly formatted URL.
// In either case, pass back the original string to the caller.
return $return === FALSE ? $compressed : $return;
}
/**
......
......@@ -160,19 +160,22 @@ public function deliver(Request $request, string $file_name) {
$this->themeManager->setActiveTheme($active_theme);
$attached_assets = new AttachedAssets();
$include_string = UrlHelper::uncompressQueryParameter($request->query->get('include'));
$include_libraries = explode(',', UrlHelper::uncompressQueryParameter($request->query->get('include')));
if (!$include_string) {
throw new BadRequestHttpException('The libraries to include are encoded incorrectly.');
}
$attached_assets->setLibraries(explode(',', $include_string));
$validate = function ($libraries_to_check) {
foreach ($libraries_to_check as $library) {
if (substr_count($library, '/') !== 1) {
throw new BadRequestHttpException('The libraries to include are encoded incorrectly.');
}
}
};
$validate($include_libraries);
$attached_assets->setLibraries($include_libraries);
if ($request->query->has('exclude')) {
$exclude_string = UrlHelper::uncompressQueryParameter($request->query->get('exclude'));
if (!$exclude_string) {
throw new BadRequestHttpException('The libraries to exclude are encoded incorrectly.');
}
$attached_assets->setAlreadyLoadedLibraries(explode(',', $exclude_string));
$exclude_libraries = explode(',', UrlHelper::uncompressQueryParameter($request->query->get('exclude')));
$validate($exclude_libraries);
$attached_assets->setAlreadyLoadedLibraries($exclude_libraries);
}
$groups = $this->getGroups($attached_assets, $request);
......
......@@ -129,8 +129,8 @@ public function testCompressUncompress() {
*/
public function testUncompressInvalidString() {
// Pass an invalid string to ::uncompressQueryParameter() and ensure it
// doesn't result in a PHP warning.
$this->assertFalse(UrlHelper::uncompressQueryParameter('llama'));
// returns the passed string without resulting in a PHP warning.
$this->assertSame('llama', UrlHelper::uncompressQueryParameter('llama'));
}
/**
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment