Verified Commit 9392bd2f authored by Lee Rowlands's avatar Lee Rowlands
Browse files

Issue #3489329 by mfb, casey: symfony/http-foundation commit 32310ff breaks PathValidator

(cherry picked from commit 90ab4e3d)
parent 73487835
Loading
Loading
Loading
Loading
Loading
+10 −1
Original line number Diff line number Diff line
@@ -10,6 +10,7 @@
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\Core\Routing\RouteObjectInterface;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Routing\Exception\MethodNotAllowedException;
@@ -118,7 +119,12 @@ protected function getUrl($path, $access_check) {
      return Url::fromUri($path);
    }

    try {
      $request = Request::create('/' . $path);
    }
    catch (BadRequestException) {
      return FALSE;
    }
    $attributes = $this->getPathAttributes($path, $request, $access_check);

    if (!$attributes) {
@@ -172,6 +178,9 @@ protected function getPathAttributes($path, Request $request, $access_check) {
    catch (MethodNotAllowedException $e) {
      $result = FALSE;
    }
    catch (BadRequestException) {
      $result = FALSE;
    }

    $router->setContext($initial_request_context);
    return $result;
+16 −0
Original line number Diff line number Diff line
@@ -444,4 +444,20 @@ public function testGetUrlIfValidWithoutAccessCheck(): void {
    $this->assertEquals(['key' => 'value'], $url->getRouteParameters());
  }

  /**
   * Tests the getUrlIfValidWithoutAccessCheck() method with an invalid path.
   *
   * @covers ::getUrlIfValidWithoutAccessCheck
   * @covers ::getUrl
   */
  public function testGetUrlIfValidWithoutAccessCheckWithInvalidPath(): void {
    // URLs must not start nor end with ASCII control characters or spaces.
    $this->assertFalse($this->pathValidator->getUrlIfValidWithoutAccessCheck('foo '));
    // Also check URL-encoded variant.
    $this->pathProcessor->expects($this->once())
      ->method('processInbound')
      ->willReturnArgument(0);
    $this->assertFalse($this->pathValidator->getUrlIfValidWithoutAccessCheck('foo%20'));
  }

}