[Pkg-owncloud-commits] [php-sabredav] 09/75: Normalizing URIs before comparing them.

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository php-sabredav.

commit 1d077441cfd8f1b23b1b151188c42f67a7c49ede
Author: Evert Pot <evert at rooftopsolutions.nl>
Date:   Mon Jan 26 15:26:29 2015 -0800

    Normalizing URIs before comparing them.
    
    This fixes issues when clients incorrectly encode parts of the path, such as
    the tilde.
    
    Fixes #597
---
 composer.json                        |  1 +
 lib/DAV/Server.php                   | 12 +++++++-----
 tests/Sabre/DAV/ServerSimpleTest.php | 18 ------------------
 3 files changed, 8 insertions(+), 23 deletions(-)

diff --git a/composer.json b/composer.json
index 6502114..75bb61e 100644
--- a/composer.json
+++ b/composer.json
@@ -18,6 +18,7 @@
         "sabre/vobject": "~3.3.4",
         "sabre/event" : "~2.0.0",
         "sabre/http" : "~3.0.4",
+        "sabre/uri" : "dev-normalize as 0.0.2",
         "ext-dom": "*",
         "ext-pcre": "*",
         "ext-spl": "*",
diff --git a/lib/DAV/Server.php b/lib/DAV/Server.php
index ab01c0e..785d480 100644
--- a/lib/DAV/Server.php
+++ b/lib/DAV/Server.php
@@ -7,7 +7,8 @@ use
     Sabre\HTTP,
     Sabre\HTTP\RequestInterface,
     Sabre\HTTP\ResponseInterface,
-    Sabre\HTTP\URLUtil;
+    Sabre\HTTP\URLUtil,
+    Sabre\Uri;
 
 /**
  * Main DAV server class
@@ -543,15 +544,16 @@ class Server extends EventEmitter {
 
         }
 
-        $uri = str_replace('//','/',$uri);
+        $uri = Uri\normalize(str_replace('//','/',$uri));
+        $baseUri = Uri\normalize($this->getBaseUri());
 
-        if (strpos($uri,$this->getBaseUri())===0) {
+        if (strpos($uri,$baseUri)===0) {
 
-            return trim(URLUtil::decodePath(substr($uri,strlen($this->getBaseUri()))),'/');
+            return trim(URLUtil::decodePath(substr($uri,strlen($baseUri))),'/');
 
         // A special case, if the baseUri was accessed without a trailing
         // slash, we'll accept it as well.
-        } elseif ($uri.'/' === $this->getBaseUri()) {
+        } elseif ($uri.'/' === $baseUri) {
 
             return '';
 
diff --git a/tests/Sabre/DAV/ServerSimpleTest.php b/tests/Sabre/DAV/ServerSimpleTest.php
index 2ca21c3..8926243 100644
--- a/tests/Sabre/DAV/ServerSimpleTest.php
+++ b/tests/Sabre/DAV/ServerSimpleTest.php
@@ -377,24 +377,6 @@ class ServerSimpleTest extends AbstractServer{
     }
 
     /**
-     * @expectedException \Sabre\DAV\Exception\Forbidden
-     */
-    function testBaseUriCheck() {
-
-        $uris = array(
-            'http://www.example.org/root/somepath',
-            '/root/somepath',
-            '/root/somepath/'
-        );
-
-        $this->server->setBaseUri('root/');
-        $this->server->calculateUri('/root/testuri');
-
-        $this->fail('Expected an exception');
-
-    }
-
-    /**
      */
     function testGuessBaseUri() {
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/php-sabredav.git