Fix: Blackholed request when POSTing to a URL with space

Eg: Actual Posted URL: /admin/settings/settings/prefix/Access%20Control $_GET value: /admin/settings/settings/prefix/Access_Control Since $unsetUrl differs, the $_GET value will get copied in to CakeRequest::$query, causing CakeRequest::here() to return: /admin/settings/settings/prefix/Access%20Control?%2Fadmin%2Fsettings%2Fsettings%2Fprefix%2FAccess_Control= This confuses SecurityComponent in the following line: f23d811ff5/lib/Cake/Controller/Component/SecurityComponent.php (L514)
2024-11-15 03:18:26 +00:00 · 2014-07-24 15:58:34 +07:00 · 2014-07-24 15:58:34 +07:00 · aad89444d1
commit aad89444d1
parent d0a22ade39
2 changed files with 15 additions and 1 deletions
--- a/lib/Cake/Network/CakeRequest.php
+++ b/lib/Cake/Network/CakeRequest.php
@ -207,7 +207,7 @@ class CakeRequest implements ArrayAccess {
 			$query = $_GET;
 		}

-		$unsetUrl = '/' . str_replace('.', '_', urldecode($this->url));
+		$unsetUrl = '/' . str_replace(array('.', ' '), '_', urldecode($this->url));
 		unset($query[$unsetUrl]);
 		unset($query[$this->base . $unsetUrl]);
 		if (strpos($this->url, '?') !== false) {
--- a/lib/Cake/Test/Case/Network/CakeRequestTest.php
+++ b/lib/Cake/Test/Case/Network/CakeRequestTest.php
@ -2144,6 +2144,20 @@ class CakeRequestTest extends CakeTestCase {
 		$this->assertEquals('/posts/base_path/1/name:value?test=value', $result);
 	}

+/**
+ * Test the here() with space in URL
+ *
+ * @return void
+ */
+	public function testHereWithSpaceInUrl() {
+		Configure::write('App.base', '');
+		$_GET = array('/admin/settings/settings/prefix/Access_Control' => '');
+		$request = new CakeRequest('/admin/settings/settings/prefix/Access%20Control');
+
+		$result = $request->here();
+		$this->assertEquals('/admin/settings/settings/prefix/Access%20Control', $result);
+	}
+
 /**
 * Test the input() method.
 *