+38 -7

lib/request.php

reviewed

··· 63 63 . "%)"; 64 64 65 65 $log .= " | " . $status . " [" . $req->url . "]"; 66 66 - 66 66 + 67 67 if (isset($req->redirected_to)) 68 68 $log .= " -> [" . $req->redirected_to . "]"; 69 69 - 69 69 + 70 70 Log::info($log); 71 71 } 72 72 ··· 86 86 87 87 $url_parts = parse_url($url); 88 88 89 89 - $this->url = $url; 90 89 $this->scheme = @$url_parts["scheme"]; 90 90 + if (empty($this->scheme)) 91 91 + $this->scheme = "http"; 92 92 + 91 93 $this->host = @$url_parts["host"]; 94 94 + 92 95 $this->port = @$url_parts["port"]; 96 96 + if (empty($this->port)) { 97 97 + if (strtolower($this->scheme) == "https") 98 98 + $this->port = 443; 99 99 + else 100 100 + $this->port = 80; 101 101 + } 102 102 + 103 103 + /* normalize path, strip leading and trailing slashes */ 93 104 $this->path = @$url_parts["path"]; 105 105 + if ($this->path == "") 106 106 + $this->path = "/"; 107 107 + $path_dirs = explode("/", $this->path); 108 108 + $tpath = array(); 109 109 + foreach ($path_dirs as $tdir) { 110 110 + if ($tdir == "" || $tdir == ".") 111 111 + continue; 112 112 + elseif ($tdir == "..") { 113 113 + array_pop($tpath); 114 114 + continue; 115 115 + } 116 116 + 117 117 + array_push($tpath, $tdir); 118 118 + } 119 119 + $this->path = join("/", $tpath); 120 120 + 94 121 $this->query = @$url_parts["query"]; 95 122 96 96 - /* strip leading and trailing slashes, then again in case some were 97 97 - * hiding */ 98 98 - $this->path = trim(preg_replace("/^\/*/", "", preg_replace("/\/$/", "", 99 99 - trim($this->path)))); 123 123 + $this->url = $this->scheme . "://" . $this->host; 124 124 + if ($this->port != 80 && $this->port != 443) 125 125 + $this->url .= ":" . $this->port; 126 126 + 127 127 + $this->url .= "/" . $this->path; 128 128 + 129 129 + if ($this->query != "") 130 130 + $this->url .= "?" . $this->query; 100 131 101 132 /* if this looks like a request from ie's castrated XDomainRequest() 102 133 * then it didn't send a proper content-type, so try to read and parse

+45

test/RequestTest.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + require(__DIR__ . "/../lib/halfmoon.php"); 4 4 + 5 5 + class RequestTest extends PHPUnit_Framework_TestCase { 6 6 + public function testNormalRequest() { 7 7 + $req = new \HalfMoon\Request( 8 8 + "https://www.example.com/test/blah/?whatever=hello", 9 9 + array("whatever" => "hello"), array(), array(), time()); 10 10 + 11 11 + $this->assertEquals("https", $req->scheme); 12 12 + $this->assertEquals("www.example.com", $req->host); 13 13 + $this->assertEquals(443, $req->port); 14 14 + $this->assertEquals("test/blah", $req->path); 15 15 + $this->assertEquals("whatever=hello", $req->query); 16 16 + } 17 17 + 18 18 + public function testWeakRequest() { 19 19 + $req = new \HalfMoon\Request( 20 20 + "http://a", 21 21 + array(), array(), array(), time()); 22 22 + 23 23 + $this->assertEquals("http", $req->scheme); 24 24 + $this->assertEquals("a", $req->host); 25 25 + $this->assertEquals(80, $req->port); 26 26 + $this->assertEquals("", $req->path); 27 27 + $this->assertEquals("", $req->query); 28 28 + } 29 29 + 30 30 + public function testMaliciousRequest() { 31 31 + $req = new \HalfMoon\Request( 32 32 + "http://www.example.com/test/../notreally?test=hello", 33 33 + array("test" => "hello"), array(), array(), time()); 34 34 + 35 35 + $this->assertEquals("notreally", $req->path); 36 36 + 37 37 + $req = new \HalfMoon\Request( 38 38 + "http://www.example.com/test/////asdf//", 39 39 + array("test" => "hello"), array(), array(), time()); 40 40 + 41 41 + $this->assertEquals("test/asdf", $req->path); 42 42 + } 43 43 + } 44 44 + 45 45 + ?>