mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 01:25:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Sanatize remaining invalid URL characters somehow returned by InfoProviders

Browse source 
This fixes issue #521
This commit is contained in:
Jan Böhmer 2024-02-24 23:55:31 +01:00
parent 4b7d200aa2
commit 12e9497ccf
2 changed files with 64 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/Services/InfoProviderSystem/DTOs/FileDTO.php
View file

@ -29,14 +29,24 @@ namespace App\Services\InfoProviderSystem\DTOs;
*/ */
class FileDTO class FileDTO
{ {
/**
* @var string The URL where to get this file
*/
public readonly string $url;
/** /**
* @param string $url The URL where to get this file * @param string $url The URL where to get this file
* @param string|null $name Optionally the name of this file * @param string|null $name Optionally the name of this file
*/ */
public function __construct( public function __construct(
public readonly string $url, string $url,
public readonly ?string $name = null, public readonly ?string $name = null,
) {} ) {
//Find all occurrences of non URL safe characters and replace them with their URL encoded version.
//We only want to replace characters which can not have a valid meaning in a URL (what would break the URL).
//Digikey provided some wrong URLs with a ^ in them, which is not a valid URL character. (https://github.com/Part-DB/Part-DB-server/issues/521)
$this->url = preg_replace_callback('/[^a-zA-Z0-9_\-.$+!*();\/?:@=&#%]/', fn($matches) => urlencode($matches[0]), $url);
}
} }

52
tests/Services/InfoProviderSystem/DTOs/FileDTOTest.php Normal file
View file

@ -0,0 +1,52 @@
<?php
/*
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
* Copyright (C) 2019 - 2024 Jan Böhmer (https://github.com/jbtronics)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace App\Tests\Services\InfoProviderSystem\DTOs;
use App\Services\InfoProviderSystem\DTOs\FileDTO;
use PHPUnit\Framework\TestCase;
class FileDTOTest extends TestCase
{
public static function escapingDataProvider(): array
{
return [
//Normal URLs must be unchanged, even if they contain special characters
["https://localhost:8000/en/part/1335/edit#attachments", "https://localhost:8000/en/part/1335/edit#attachments"],
["https://localhost:8000/en/part/1335/edit?test=%20%20&sfee_aswer=test-223!*()", "https://localhost:8000/en/part/1335/edit?test=%20%20&sfee_aswer=test-223!*()"],
//Remaining URL unsafe characters must be escaped
["test%5Ese", "test^se"],
["test+se", "test se"],
["test%7Cse", "test|se"],
];
}
/**
* @dataProvider escapingDataProvider
*/
public function testURLEscaping(string $expected, string $input): void
{
$fileDTO = new FileDTO( $input);
self::assertSame($expected, $fileDTO->url);
}
}