From 01b0d2330566842cdd82a9fa38321030059bf009 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Sun, 19 Jan 2020 15:09:06 +0100
Subject: [PATCH] [BUGFIX] Consider Symfony route modifier
Symfony route modifiers like `{!parameter}` were not encapsulated
when preparing TYPO3 specific enhancer data for route processing.
Internal static MD5 hashing is reduced by 4 bits (one character
when hex encoded) to keep route modifier in deflated values.
Resolves: #90149
Releases: master, 9.5
Change-Id: I040e24b2b49d76ad2a67deb9da43d70be4305722
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62994
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
---
.../Routing/Enhancer/VariableProcessor.php | 35 ++++---
.../Enhancer/VariableProcessorTest.php | 98 ++++++++++++++-----
.../SiteHandling/EnhancerSiteRequestTest.php | 19 +++-
3 files changed, 109 insertions(+), 43 deletions(-)
diff --git a/typo3/sysext/core/Classes/Routing/Enhancer/VariableProcessor.php b/typo3/sysext/core/Classes/Routing/Enhancer/VariableProcessor.php
index da75878605c2..308f4541a4e1 100644
--- a/typo3/sysext/core/Classes/Routing/Enhancer/VariableProcessor.php
+++ b/typo3/sysext/core/Classes/Routing/Enhancer/VariableProcessor.php
@@ -23,7 +23,7 @@ class VariableProcessor
{
protected const LEVEL_DELIMITER = '__';
protected const ARGUMENT_SEPARATOR = '/';
- protected const VARIABLE_PATTERN = '#\{(?P<name>[^}]+)\}#';
+ protected const VARIABLE_PATTERN = '#\{(?P<modifier>!)?(?P<name>[^}]+)\}#';
/**
* @var array
@@ -41,10 +41,11 @@ class VariableProcessor
*/
protected function addHash(string $value): string
{
- if (strlen($value) < 32 && !preg_match('#[^\w]#', $value)) {
+ if (strlen($value) < 31 && !preg_match('#[^\w]#', $value)) {
return $value;
}
- $hash = md5($value);
+ // removing one bit, e.g. for enforced route prefix `{!value}`
+ $hash = substr(md5($value), 0, -1);
// Symfony Route Compiler requires first literal to be non-integer
if ($hash[0] === (string)(int)$hash[0]) {
$hash[0] = str_replace(
@@ -64,7 +65,7 @@ class VariableProcessor
*/
protected function resolveHash(string $hash): string
{
- if (strlen($hash) < 32) {
+ if (strlen($hash) < 31) {
return $hash;
}
if (!isset($this->hashes[$hash])) {
@@ -118,14 +119,13 @@ class VariableProcessor
return $routePath;
}
+ $replace = [];
$search = array_values($matches[0]);
- $replace = array_map(
- function (string $name) {
- return '{' . $name . '}';
- },
- $this->deflateValues($matches['name'], $namespace, $arguments)
- );
-
+ $deflatedNames = $this->deflateValues($matches['name'], $namespace, $arguments);
+ foreach ($deflatedNames as $index => $deflatedName) {
+ $modifier = $matches['modifier'][$index] ?? '';
+ $replace[] = '{' . $modifier . $deflatedName . '}';
+ }
return str_replace($search, $replace, $routePath);
}
@@ -141,14 +141,13 @@ class VariableProcessor
return $routePath;
}
+ $replace = [];
$search = array_values($matches[0]);
- $replace = array_map(
- function (string $name) {
- return '{' . $name . '}';
- },
- $this->inflateValues($matches['name'], $namespace, $arguments)
- );
-
+ $inflatedNames = $this->inflateValues($matches['name'], $namespace, $arguments);
+ foreach ($inflatedNames as $index => $inflatedName) {
+ $modifier = $matches['modifier'][$index] ?? '';
+ $replace[] = '{' . $modifier . $inflatedName . '}';
+ }
return str_replace($search, $replace, $routePath);
}
diff --git a/typo3/sysext/core/Tests/Unit/Routing/Enhancer/VariableProcessorTest.php b/typo3/sysext/core/Tests/Unit/Routing/Enhancer/VariableProcessorTest.php
index 69344431a97a..34ca8ed366d5 100644
--- a/typo3/sysext/core/Tests/Unit/Routing/Enhancer/VariableProcessorTest.php
+++ b/typo3/sysext/core/Tests/Unit/Routing/Enhancer/VariableProcessorTest.php
@@ -40,41 +40,93 @@ class VariableProcessorTest extends UnitTestCase
public function routePathDataProvider(): array
{
+ $plainInflatedRoutePath = '/static/{aa}/{bb}/{some_cc}/tail';
+ $enforcedInflatedRoutePath = '/static/{!aa}/{bb}/{some_cc}/tail';
+
return [
- 'no arguments, no namespace' => [
+ 'no arguments, no namespace (plain)' => [
null,
[],
+ $plainInflatedRoutePath,
'/static/{aa}/{bb}/{some_cc}/tail'
],
- 'aa -> zz, no namespace' => [
+ 'no arguments, no namespace (enforced)' => [
+ null,
+ [],
+ $enforcedInflatedRoutePath,
+ '/static/{!aa}/{bb}/{some_cc}/tail'
+ ],
+ 'aa -> zz, no namespace (plain)' => [
null,
['aa' => 'zz'],
+ $plainInflatedRoutePath,
'/static/{zz}/{bb}/{some_cc}/tail'
],
- 'aa -> @any/nested, no namespace' => [
+ 'aa -> zz, no namespace (enforced)' => [
+ null,
+ ['aa' => 'zz'],
+ $enforcedInflatedRoutePath,
+ '/static/{!zz}/{bb}/{some_cc}/tail'
+ ],
+ 'aa -> @any/nested, no namespace (plain)' => [
null,
['aa' => '@any/nested'],
- '/static/{qbeced67e6b340abc67a397f6e90bb0e}/{bb}/{some_cc}/tail'
+ $plainInflatedRoutePath,
+ '/static/{qbeced67e6b340abc67a397f6e90bb0}/{bb}/{some_cc}/tail'
],
- 'no arguments, first' => [
+ 'aa -> @any/nested, no namespace (enforced)' => [
+ null,
+ ['aa' => '@any/nested'],
+ $enforcedInflatedRoutePath,
+ '/static/{!qbeced67e6b340abc67a397f6e90bb0}/{bb}/{some_cc}/tail'
+ ],
+ 'no arguments, first (plain)' => [
'first',
[],
+ $plainInflatedRoutePath,
'/static/{first__aa}/{first__bb}/{first__some_cc}/tail'
],
- 'aa -> zz, first' => [
+ 'no arguments, first (enforced)' => [
+ 'first',
+ [],
+ $enforcedInflatedRoutePath,
+ '/static/{!first__aa}/{first__bb}/{first__some_cc}/tail'
+ ],
+ 'aa -> zz, first (plain)' => [
'first',
['aa' => 'zz'],
+ $plainInflatedRoutePath,
'/static/{first__zz}/{first__bb}/{first__some_cc}/tail'
],
- 'aa -> any/nested, first' => [
+ 'aa -> zz, first (enforced)' => [
+ 'first',
+ ['aa' => 'zz'],
+ $enforcedInflatedRoutePath,
+ '/static/{!first__zz}/{first__bb}/{first__some_cc}/tail'
+ ],
+ 'aa -> any/nested, first (plain)' => [
'first',
['aa' => 'any/nested'],
+ $plainInflatedRoutePath,
'/static/{first__any__nested}/{first__bb}/{first__some_cc}/tail'
],
- 'aa -> @any/nested, first' => [
+ 'aa -> any/nested, first (enforced)' => [
+ 'first',
+ ['aa' => 'any/nested'],
+ $enforcedInflatedRoutePath,
+ '/static/{!first__any__nested}/{first__bb}/{first__some_cc}/tail'
+ ],
+ 'aa -> @any/nested, first (plain)' => [
+ 'first',
+ ['aa' => '@any/nested'],
+ $plainInflatedRoutePath,
+ '/static/{ab0ce8f9f822228b4f324ec38b9c038}/{first__bb}/{first__some_cc}/tail'
+ ],
+ 'aa -> @any/nested, first (enforced)' => [
'first',
['aa' => '@any/nested'],
- '/static/{ab0ce8f9f822228b4f324ec38b9c0388}/{first__bb}/{first__some_cc}/tail'
+ $enforcedInflatedRoutePath,
+ '/static/{!ab0ce8f9f822228b4f324ec38b9c038}/{first__bb}/{first__some_cc}/tail'
],
];
}
@@ -82,14 +134,14 @@ class VariableProcessorTest extends UnitTestCase
/**
* @param string|null $namespace
* @param array $arguments
+ * @param string $inflatedRoutePath
* @param string $deflatedRoutePath
*
* @test
* @dataProvider routePathDataProvider
*/
- public function isRoutePathProcessed(?string $namespace, array $arguments, string $deflatedRoutePath)
+ public function isRoutePathProcessed(?string $namespace, array $arguments, string $inflatedRoutePath, string $deflatedRoutePath)
{
- $inflatedRoutePath = '/static/{aa}/{bb}/{some_cc}/tail';
self::assertSame(
$deflatedRoutePath,
$this->subject->deflateRoutePath($inflatedRoutePath, $namespace, $arguments)
@@ -108,15 +160,15 @@ class VariableProcessorTest extends UnitTestCase
return [
'no namespace, no arguments' => [
[],
- ['a' => 'a', 'first__aa' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9b' => '@any']
+ ['a' => 'a', 'first__aa' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9' => '@any']
],
'no namespace, a -> newA' => [
['a' => 'newA'],
- ['newA' => 'a', 'first__aa' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9b' => '@any']
+ ['newA' => 'a', 'first__aa' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9' => '@any']
],
'no namespace, a -> @any/nested' => [
['a' => '@any/nested'],
- ['qbeced67e6b340abc67a397f6e90bb0e' => 'a', 'first__aa' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9b' => '@any']
+ ['qbeced67e6b340abc67a397f6e90bb0' => 'a', 'first__aa' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9' => '@any']
],
];
}
@@ -167,32 +219,32 @@ class VariableProcessorTest extends UnitTestCase
'first, no arguments' => [
'first',
[],
- ['a' => 'a', 'first__aa' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9b' => '@any']
+ ['a' => 'a', 'first__aa' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9' => '@any']
],
'first, aa -> newAA' => [
'first',
['aa' => 'newAA'],
- ['a' => 'a', 'first__newAA' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9b' => '@any']
+ ['a' => 'a', 'first__newAA' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9' => '@any']
],
'first, second -> newSecond' => [
'first',
['second' => 'newSecond'],
- ['a' => 'a', 'first__aa' => 'aa', 'first__newSecond__aaa' => 'aaa', 'q7aded81f5d1607191c695720db7ab23' => '@any']
+ ['a' => 'a', 'first__aa' => 'aa', 'first__newSecond__aaa' => 'aaa', 'q7aded81f5d1607191c695720db7ab2' => '@any']
],
'first, aa -> any/nested' => [
'first',
['aa' => 'any/nested'],
- ['a' => 'a', 'first__any__nested' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9b' => '@any']
+ ['a' => 'a', 'first__any__nested' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9' => '@any']
],
'first, aa -> @any/nested' => [
'first',
['aa' => '@any/nested'],
- ['a' => 'a', 'ab0ce8f9f822228b4f324ec38b9c0388' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9b' => '@any']
+ ['a' => 'a', 'ab0ce8f9f822228b4f324ec38b9c038' => 'aa', 'first__second__aaa' => 'aaa', 'a9d66412d169b85537e11d9e49b75f9' => '@any']
],
'first, aa -> newAA, second => newSecond' => [
'first',
['aa' => 'newAA', 'second' => 'newSecond'],
- ['a' => 'a', 'first__newAA' => 'aa', 'first__newSecond__aaa' => 'aaa', 'q7aded81f5d1607191c695720db7ab23' => '@any']
+ ['a' => 'a', 'first__newAA' => 'aa', 'first__newSecond__aaa' => 'aaa', 'q7aded81f5d1607191c695720db7ab2' => '@any']
],
];
}
@@ -268,17 +320,17 @@ class VariableProcessorTest extends UnitTestCase
'a -> @any/nested, no namespace' => [
null,
['a' => '@any/nested'],
- ['qbeced67e6b340abc67a397f6e90bb0e' => 'a', 'b' => 'b', 'c' => ['d' => 'd', 'e' => 'e']]
+ ['qbeced67e6b340abc67a397f6e90bb0' => 'a', 'b' => 'b', 'c' => ['d' => 'd', 'e' => 'e']]
],
'a -> newA, namespace_being_longer_than_32_characters' => [
'namespace_being_longer_than_32_characters',
['a' => 'newA'],
- ['qaea1f31c57b9c3e78c8205838d4563c' => 'a', 'ub5e2989b61a4964ba4e06fc6de85276' => 'b', 'oabf16f448f7b02c6ecb13d155e5a4b5' => ['d' => 'd', 'e' => 'e']]
+ ['qaea1f31c57b9c3e78c8205838d4563' => 'a', 'ub5e2989b61a4964ba4e06fc6de8527' => 'b', 'oabf16f448f7b02c6ecb13d155e5a4b' => ['d' => 'd', 'e' => 'e']]
],
'a -> @any/nested, first' => [
'first',
['a' => '@any/nested'],
- ['ab0ce8f9f822228b4f324ec38b9c0388' => 'a', 'first__b' => 'b', 'first__c' => ['d' => 'd', 'e' => 'e']]
+ ['ab0ce8f9f822228b4f324ec38b9c038' => 'a', 'first__b' => 'b', 'first__c' => ['d' => 'd', 'e' => 'e']]
],
];
}
diff --git a/typo3/sysext/frontend/Tests/Functional/SiteHandling/EnhancerSiteRequestTest.php b/typo3/sysext/frontend/Tests/Functional/SiteHandling/EnhancerSiteRequestTest.php
index fb84834c9737..1b2892cdf4ca 100644
--- a/typo3/sysext/frontend/Tests/Functional/SiteHandling/EnhancerSiteRequestTest.php
+++ b/typo3/sysext/frontend/Tests/Functional/SiteHandling/EnhancerSiteRequestTest.php
@@ -661,6 +661,11 @@ class EnhancerSiteRequestTest extends AbstractTestCase
'value',
'test',
],
+ 'namespace[value] ? x^30' => [
+ 'namespace',
+ 'value',
+ str_repeat('x', 30),
+ ],
'namespace[value] ? x^31' => [
'namespace',
'value',
@@ -676,10 +681,10 @@ class EnhancerSiteRequestTest extends AbstractTestCase
'value',
str_repeat('x', 33),
],
- 'namespace[value] ? 1^32 (type-cast)' => [
+ 'namespace[value] ? 1^31 (type-cast)' => [
'namespace',
'value',
- str_repeat('1', 32),
+ str_repeat('1', 31),
],
// md5('namespace__@otne3') is 60360798585102000952995164024754 (numeric)
// md5('ximaz') is 61529519452809720693702583126814 (numeric)
@@ -710,6 +715,11 @@ class EnhancerSiteRequestTest extends AbstractTestCase
'namespace/other',
],
// namespace[any/value]
+ 'namespace[any/value] ? x^30' => [
+ 'namespace',
+ 'any/value',
+ str_repeat('x', 30),
+ ],
'namespace[any/value] ? x^31' => [
'namespace',
'any/value',
@@ -742,6 +752,11 @@ class EnhancerSiteRequestTest extends AbstractTestCase
'namespace/any/other',
],
// namespace[@any/value]
+ 'namespace[@any/value] ? x^30' => [
+ 'namespace',
+ '@any/value',
+ str_repeat('x', 30),
+ ],
'namespace[@any/value] ? x^31' => [
'namespace',
'@any/value',
--
GitLab