Loading core/lib/Drupal/Core/Path/PathValidator.php +10 −1 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ use Drupal\Core\Session\AccountInterface; use Drupal\Core\Url; use Drupal\Core\Routing\RouteObjectInterface; use Symfony\Component\HttpFoundation\Exception\BadRequestException; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\Routing\Exception\MethodNotAllowedException; Loading Loading @@ -118,7 +119,12 @@ protected function getUrl($path, $access_check) { return Url::fromUri($path); } try { $request = Request::create('/' . $path); } catch (BadRequestException) { return FALSE; } $attributes = $this->getPathAttributes($path, $request, $access_check); if (!$attributes) { Loading Loading @@ -172,6 +178,9 @@ protected function getPathAttributes($path, Request $request, $access_check) { catch (MethodNotAllowedException $e) { $result = FALSE; } catch (BadRequestException) { $result = FALSE; } $router->setContext($initial_request_context); return $result; Loading core/tests/Drupal/Tests/Core/Path/PathValidatorTest.php +16 −0 Original line number Diff line number Diff line Loading @@ -444,4 +444,20 @@ public function testGetUrlIfValidWithoutAccessCheck(): void { $this->assertEquals(['key' => 'value'], $url->getRouteParameters()); } /** * Tests the getUrlIfValidWithoutAccessCheck() method with an invalid path. * * @covers ::getUrlIfValidWithoutAccessCheck * @covers ::getUrl */ public function testGetUrlIfValidWithoutAccessCheckWithInvalidPath(): void { // URLs must not start nor end with ASCII control characters or spaces. $this->assertFalse($this->pathValidator->getUrlIfValidWithoutAccessCheck('foo ')); // Also check URL-encoded variant. $this->pathProcessor->expects($this->once()) ->method('processInbound') ->willReturnArgument(0); $this->assertFalse($this->pathValidator->getUrlIfValidWithoutAccessCheck('foo%20')); } } Loading
core/lib/Drupal/Core/Path/PathValidator.php +10 −1 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ use Drupal\Core\Session\AccountInterface; use Drupal\Core\Url; use Drupal\Core\Routing\RouteObjectInterface; use Symfony\Component\HttpFoundation\Exception\BadRequestException; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\Routing\Exception\MethodNotAllowedException; Loading Loading @@ -118,7 +119,12 @@ protected function getUrl($path, $access_check) { return Url::fromUri($path); } try { $request = Request::create('/' . $path); } catch (BadRequestException) { return FALSE; } $attributes = $this->getPathAttributes($path, $request, $access_check); if (!$attributes) { Loading Loading @@ -172,6 +178,9 @@ protected function getPathAttributes($path, Request $request, $access_check) { catch (MethodNotAllowedException $e) { $result = FALSE; } catch (BadRequestException) { $result = FALSE; } $router->setContext($initial_request_context); return $result; Loading
core/tests/Drupal/Tests/Core/Path/PathValidatorTest.php +16 −0 Original line number Diff line number Diff line Loading @@ -444,4 +444,20 @@ public function testGetUrlIfValidWithoutAccessCheck(): void { $this->assertEquals(['key' => 'value'], $url->getRouteParameters()); } /** * Tests the getUrlIfValidWithoutAccessCheck() method with an invalid path. * * @covers ::getUrlIfValidWithoutAccessCheck * @covers ::getUrl */ public function testGetUrlIfValidWithoutAccessCheckWithInvalidPath(): void { // URLs must not start nor end with ASCII control characters or spaces. $this->assertFalse($this->pathValidator->getUrlIfValidWithoutAccessCheck('foo ')); // Also check URL-encoded variant. $this->pathProcessor->expects($this->once()) ->method('processInbound') ->willReturnArgument(0); $this->assertFalse($this->pathValidator->getUrlIfValidWithoutAccessCheck('foo%20')); } }
