Loading core/lib/Drupal/Component/Utility/UrlHelper.php +11 −4 Original line number Diff line number Diff line Loading @@ -99,16 +99,23 @@ public static function compressQueryParameter(string $data): string { * A string as compressed by * \Drupal\Component\Utility\UrlHelper::compressQueryParameter(). * * @return string|bool * The uncompressed data or FALSE on failure. * @return string * The uncompressed data, or the original string if it cannot be * uncompressed. */ public static function uncompressQueryParameter(string $compressed): string|bool { public static function uncompressQueryParameter(string $compressed): string { if (!\extension_loaded('zlib')) { return $compressed; } // Because this comes from user data, suppress the PHP warning that // gzcompress() throws if the base64-encoded string is invalid. return @gzuncompress(base64_decode(str_replace(['-', '_'], ['+', '/'], $compressed))); $return = @gzuncompress(base64_decode(str_replace(['-', '_'], ['+', '/'], $compressed))); // If we failed to uncompress the query parameter, it may be a stale link // from before compression was implemented with the URL parameter // uncompressed already, or it may be an incorrectly formatted URL. // In either case, pass back the original string to the caller. return $return === FALSE ? $compressed : $return; } /** Loading core/modules/system/src/Controller/AssetControllerBase.php +13 −10 Original line number Diff line number Diff line Loading 
@@ -160,19 +160,22 @@ public function deliver(Request $request, string $file_name) { $this->themeManager->setActiveTheme($active_theme); $attached_assets = new AttachedAssets(); $include_string = UrlHelper::uncompressQueryParameter($request->query->get('include')); $include_libraries = explode(',', UrlHelper::uncompressQueryParameter($request->query->get('include'))); if (!$include_string) { $validate = function ($libraries_to_check) { foreach ($libraries_to_check as $library) { if (substr_count($library, '/') !== 1) { throw new BadRequestHttpException('The libraries to include are encoded incorrectly.'); } $attached_assets->setLibraries(explode(',', $include_string)); } }; $validate($include_libraries); $attached_assets->setLibraries($include_libraries); if ($request->query->has('exclude')) { $exclude_string = UrlHelper::uncompressQueryParameter($request->query->get('exclude')); if (!$exclude_string) { throw new BadRequestHttpException('The libraries to exclude are encoded incorrectly.'); } $attached_assets->setAlreadyLoadedLibraries(explode(',', $exclude_string)); $exclude_libraries = explode(',', UrlHelper::uncompressQueryParameter($request->query->get('exclude'))); $validate($exclude_libraries); $attached_assets->setAlreadyLoadedLibraries($exclude_libraries); } $groups = $this->getGroups($attached_assets, $request); Loading core/tests/Drupal/Tests/Component/Utility/UrlHelperTest.php +2 −2 Original line number Diff line number Diff line Loading @@ -129,8 +129,8 @@ public function testCompressUncompress() { */ public function testUncompressInvalidString() { // Pass an invalid string to ::uncompressQueryParameter() and ensure it // doesn't result in a PHP warning. $this->assertFalse(UrlHelper::uncompressQueryParameter('llama')); // returns the passed string without resulting in a PHP warning. $this->assertSame('llama', UrlHelper::uncompressQueryParameter('llama')); } /** Loading Loading
core/lib/Drupal/Component/Utility/UrlHelper.php +11 −4 Original line number Diff line number Diff line Loading @@ -99,16 +99,23 @@ public static function compressQueryParameter(string $data): string { * A string as compressed by * \Drupal\Component\Utility\UrlHelper::compressQueryParameter(). * * @return string|bool * The uncompressed data or FALSE on failure. * @return string * The uncompressed data, or the original string if it cannot be * uncompressed. */ public static function uncompressQueryParameter(string $compressed): string|bool { public static function uncompressQueryParameter(string $compressed): string { if (!\extension_loaded('zlib')) { return $compressed; } // Because this comes from user data, suppress the PHP warning that // gzcompress() throws if the base64-encoded string is invalid. return @gzuncompress(base64_decode(str_replace(['-', '_'], ['+', '/'], $compressed))); $return = @gzuncompress(base64_decode(str_replace(['-', '_'], ['+', '/'], $compressed))); // If we failed to uncompress the query parameter, it may be a stale link // from before compression was implemented with the URL parameter // uncompressed already, or it may be an incorrectly formatted URL. // In either case, pass back the original string to the caller. return $return === FALSE ? $compressed : $return; } /** Loading
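Review bot: With the `FALSE` sentinel gone, `uncompressQueryParameter()` hands back the raw request string whenever decoding fails, so a caller can no longer tell decoded data from unmodified user input. The `@return` text should say so, e.g. `The result is unvalidated user input in either case; callers must validate it before use.` The retained comment also names `gzcompress()` where the call is `gzuncompress()`. Separately, `gzuncompress()` is called without its optional `max_length` argument, so as far as this hunk shows the inflated size of a user-supplied parameter is bounded only by PHP's memory limit; passing a limit there would cap it. Callers elsewhere that still test the result for `FALSE` are not visible in this section and would need checking.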
core/modules/system/src/Controller/AssetControllerBase.php +13 −10 Original line number Diff line number Diff line Loading @@ -160,19 +160,22 @@ public function deliver(Request $request, string $file_name) { $this->themeManager->setActiveTheme($active_theme); $attached_assets = new AttachedAssets(); $include_string = UrlHelper::uncompressQueryParameter($request->query->get('include')); $include_libraries = explode(',', UrlHelper::uncompressQueryParameter($request->query->get('include'))); if (!$include_string) { $validate = function ($libraries_to_check) { foreach ($libraries_to_check as $library) { if (substr_count($library, '/') !== 1) { throw new BadRequestHttpException('The libraries to include are encoded incorrectly.'); } $attached_assets->setLibraries(explode(',', $include_string)); } }; $validate($include_libraries); $attached_assets->setLibraries($include_libraries); if ($request->query->has('exclude')) { $exclude_string = UrlHelper::uncompressQueryParameter($request->query->get('exclude')); if (!$exclude_string) { throw new BadRequestHttpException('The libraries to exclude are encoded incorrectly.'); } $attached_assets->setAlreadyLoadedLibraries(explode(',', $exclude_string)); $exclude_libraries = explode(',', UrlHelper::uncompressQueryParameter($request->query->get('exclude'))); $validate($exclude_libraries); $attached_assets->setAlreadyLoadedLibraries($exclude_libraries); } $groups = $this->getGroups($attached_assets, $request); Loading
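Review bot: The shared `$validate` closure always throws 'The libraries to include are encoded incorrectly.', so a malformed `exclude` parameter is now reported as an `include` problem; the removed code had a separate exclude message. Passing the parameter name in would keep the two apart, e.g. `$validate = function (array $libraries_to_check, string $parameter) {` with `sprintf('The libraries to %s are encoded incorrectly.', $parameter)` as the exception message. Because `uncompressQueryParameter()` now returns the raw query string on failure, the `substr_count($library, '/') !== 1` test is the only gate in this hunk before `setLibraries()` and `setAlreadyLoadedLibraries()`, and it accepts values such as `/` or `a/` with an empty extension or library part; whether later library lookup rejects those is not visible here. `deliver()` starts and ends outside the hunk, so an earlier check that `include` is present (the helper takes a non-nullable `string`) cannot be confirmed from this section.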
core/tests/Drupal/Tests/Component/Utility/UrlHelperTest.php +2 −2 Original line number Diff line number Diff line Loading @@ -129,8 +129,8 @@ public function testCompressUncompress() { */ public function testUncompressInvalidString() { // Pass an invalid string to ::uncompressQueryParameter() and ensure it // doesn't result in a PHP warning. $this->assertFalse(UrlHelper::uncompressQueryParameter('llama')); // returns the passed string without resulting in a PHP warning. $this->assertSame('llama', UrlHelper::uncompressQueryParameter('llama')); } /** Loading