Merge pull request #8728 from cakephp/issue-8723

Backport range parsing resiliancy fixes from 3.x
2025-01-31 09:06:17 +00:00 · 2016-04-29 09:49:31 -04:00 · 2016-04-29 09:49:31 -04:00 · 0934d02f0e
commit 0934d02f0e
parent cbd54256e0 af953700b8
2 changed files with 67 additions and 29 deletions
--- a/lib/Cake/Network/CakeResponse.php
+++ b/lib/Cake/Network/CakeResponse.php
@ -1406,11 +1406,16 @@ class CakeResponse {
 * @return void
 */
 	protected function _fileRange($file, $httpRange) {
-		list(, $range) = explode('=', $httpRange);
-		list($start, $end) = explode('-', $range);
-
 		$fileSize = $file->size();
 		$lastByte = $fileSize - 1;
+		$start = 0;
+		$end = $lastByte;
+
+		preg_match('/^bytes\s*=\s*(\d+)?\s*-\s*(\d+)?$/', $httpRange, $matches);
+		if ($matches) {
+			$start = $matches[1];
+			$end = isset($matches[2]) ? $matches[2] : '';
+		}

 		if ($start === '') {
 			$start = $fileSize - $end;
--- a/lib/Cake/Test/Case/Network/CakeResponseTest.php
+++ b/lib/Cake/Test/Case/Network/CakeResponseTest.php
@ -1705,48 +1705,81 @@ class CakeResponseTest extends CakeTestCase {
 		$this->assertNotSame(false, $result);
 	}

+/**
+ * Provider for invalid range header values.
+ *
+ * @return array
+ */
+	public function invalidFileRangeProvider() {
+		return array(
+			// malformed range
+			array(
+				'bytes=0,38'
+			),
+
+			// malformed punctuation
+			array(
+				'bytes: 0 - 32'
+			),
+			array(
+				'garbage: poo - poo'
+			),
+		);
+	}
+
 /**
 * Test invalid file ranges.
 *
+ * @dataProvider invalidFileRangeProvider
 * @return void
 */
-	public function testFileRangeInvalid() {
-		$_SERVER['HTTP_RANGE'] = 'bytes=30-2';
+	public function testFileRangeInvalid($range) {
+		$_SERVER['HTTP_RANGE'] = $range;
 		$response = $this->getMock('CakeResponse', array(
-			'header',
-			'type',
 			'_sendHeader',
-			'_setContentType',
 			'_isActive',
-			'_clearBuffer',
-			'_flushBuffer'
 		));

-		$response->expects($this->at(1))
-			->method('header')
-			->with('Content-Disposition', 'attachment; filename="test_asset.css"');
-
-		$response->expects($this->at(2))
-			->method('header')
-			->with('Content-Transfer-Encoding', 'binary');
-
-		$response->expects($this->at(3))
-			->method('header')
-			->with('Accept-Ranges', 'bytes');
-
-		$response->expects($this->at(4))
-			->method('header')
-			->with(array(
-				'Content-Range' => 'bytes 0-37/38',
-			));
-
 		$response->file(
 			CAKE . 'Test' . DS . 'test_app' . DS . 'Vendor' . DS . 'css' . DS . 'test_asset.css',
 			array('download' => true)
 		);

+		$expected = array(
+			'Content-Disposition' => 'attachment; filename="test_asset.css"',
+			'Content-Transfer-Encoding' => 'binary',
+			'Accept-Ranges' => 'bytes',
+			'Content-Range' => 'bytes 0-37/38',
+			'Content-Length' => 38,
+		);
+		$this->assertEquals($expected, $response->header());
+	}
+
+/**
+ * Test backwards file range
+ *
+ * @return void
+ */
+	public function testFileRangeReversed() {
+		$_SERVER['HTTP_RANGE'] = 'bytes=30-5';
+		$response = $this->getMock('CakeResponse', array(
+			'_sendHeader',
+			'_isActive',
+		));
+
+		$response->file(
+			CAKE . 'Test' . DS . 'test_app' . DS . 'Vendor' . DS . 'css' . DS . 'test_asset.css',
+			array('download' => true)
+		);
+
+		$expected = array(
+			'Content-Disposition' => 'attachment; filename="test_asset.css"',
+			'Content-Transfer-Encoding' => 'binary',
+			'Accept-Ranges' => 'bytes',
+			'Content-Range' => 'bytes 0-37/38',
+		);
+		$this->assertEquals($expected, $response->header());
 		$this->assertEquals(416, $response->statusCode());
-		$response->send();
 	}

 /**