Throw an exception when signing route if a parameter key is 'signature'
martinhinrichs committed Oct 28, 2019
1 parent 12b8a6a commit 3d9b268
Showing 2 changed files with 29 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/Illuminate/Routing/UrlGenerator.php
@@ -315,11 +315,19 @@ public function formatScheme($secure = null)
* @param \DateTimeInterface|\DateInterval|int|null $expiration
* @param bool $absolute
* @return string
*
* @throws \InvalidArgumentException
*/
public function signedRoute($name, $parameters = [], $expiration = null, $absolute = true)
{
$parameters = $this->formatParameters($parameters);

if(array_key_exists('signature', $parameters)) {
throw new InvalidArgumentException(
'Do not use [signature] as a parameter name when creating a signed route.'
);
}

if ($expiration) {
$parameters = $parameters + ['expires' => $this->availableAt($expiration)];
}
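Review bot: The new guard reserves only `signature`, yet `expires` is a second key this method owns, and the union in `$parameters = $parameters + ['expires' => $this->availableAt($expiration)];` keeps the left-hand value, so a caller-supplied `expires` parameter silently replaces the computed expiry instead of being rejected. A matching check next to the new one would close that: `if (array_key_exists('expires', $parameters)) { throw new InvalidArgumentException('Do not use [expires] as a parameter name when creating a signed route.'); }`. How the validating side reads `expires` is outside this hunk, so the impact should be confirmed there. The added `if(` also lacks the space after the keyword that the neighbouring `if ($expiration)` uses. The body of signedRoute continues past the end of the hunk.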
21 changes: 21 additions & 0 deletions tests/Routing/RoutingUrlGeneratorTest.php
@@ -8,6 +8,7 @@
use Illuminate\Routing\Route;
use Illuminate\Routing\RouteCollection;
use Illuminate\Routing\UrlGenerator;
use InvalidArgumentException;
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Request as SymfonyRequest;
use Symfony\Component\Routing\Exception\RouteNotFoundException;
@@ -627,6 +628,26 @@ public function testSignedRelativeUrl()

$this->assertFalse($url->hasValidSignature($request, false));
}

public function testSignedUrlParameterCannotBeNamedSignature() {
$url = new UrlGenerator(
$routes = new RouteCollection,
$request = Request::create('http://www.foo.com/')
);
$url->setKeyResolver(function () {
return 'secret';
});

$route = new Route(['GET'], 'foo/{signature}', ['as' => 'foo', function () {
//
}]);
$routes->add($route);

$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Do not use [signature] as a parameter name when creating a signed route.');

Request::create($url->signedRoute('foo', ['signature' => 'bar']));
}
}

class RoutableInterfaceStub implements UrlRoutable
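Review bot: The new test covers only a route whose path contains a `{signature}` placeholder, so the case where `signature` is passed as an extra parameter to a route without that placeholder (where it would presumably land in the query string beside the generated signature) is left unpinned. A second case against a plain `'foo'` route would document that the guard does not depend on the route definition. The `Request::create(...)` wrapper in the last statement is dead, because the exception is expected from `signedRoute()` itself; `$url->signedRoute('foo', ['signature' => 'bar']);` states what is under test. The method's opening brace sits on the signature line, unlike the next-line brace that `signedRoute` uses in UrlGenerator.php.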