

Merge pull request #1876 from tomudding/fix/index-php-in-url-assembly
fix: index.php being interpreted as valid base path when assembling URLs
tomudding authored Jul 28, 2024
2 parents 8029490 + e8c3752 commit 347e325
Showing 9 changed files with 66 additions and 13 deletions.
2 changes: 1 addition & 1 deletion module/Activity/view/activity/activity/archive.phtml
Expand Up @@ -27,7 +27,7 @@ use Laminas\View\Renderer\PhpRenderer;
<li role="presentation" class="dropdown">
<a class="dropdown-toggle"
data-toggle="dropdown"
href="#"
href="<?= $this->hashUrl() ?>"
role="button"
aria-haspopup="true"
aria-expanded="false">
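Review bot: The value emitted by `$this->hashUrl()` on the `href` line is built from `$_SERVER['REQUEST_URI']` in the HashUrl helper this commit adds, and it is written into an attribute without escaping, whereas the literal `#` it replaces needed none. REQUEST_URI is request-controlled, so the template should escape in attribute context, `href="<?= $this->escapeHtmlAttr($this->hashUrl()) ?>"`, or the helper should return an already-escaped value. The same unescaped interpolation is introduced in admin.phtml, main-nav.phtml, organ.phtml and years.phtml in this commit.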
8 changes: 8 additions & 0 deletions module/Application/src/Module.php
Expand Up @@ -17,6 +17,7 @@
use Application\View\Helper\Diff;
use Application\View\Helper\FileUrl;
use Application\View\Helper\GlideUrl;
use Application\View\Helper\HashUrl;
use Application\View\Helper\JobCategories;
use Application\View\Helper\Markdown;
use Application\View\Helper\ModuleIsActive;
Expand All @@ -31,6 +32,7 @@
use Laminas\Router\Http\TreeRouteStack;
use Laminas\Router\RouteStackInterface;
use Laminas\Validator\AbstractValidator;
use Laminas\View\Helper\ServerUrl;
use League\CommonMark\Environment\Environment;
use League\CommonMark\Extension\CommonMark\CommonMarkCoreExtension;
use League\CommonMark\Extension\ExternalLink\ExternalLinkExtension;
Expand Down Expand Up @@ -332,6 +334,12 @@ public function getViewHelperConfig(): array

return $helper;
},
'hashUrl' => static function (ContainerInterface $container) {
$viewHelperManager = $container->get('ViewHelperManager');
$serverUrlHelper = $viewHelperManager->get(ServerUrl::class);

return new HashUrl($serverUrlHelper);
},
],
];
}
6 changes: 6 additions & 0 deletions module/Application/src/Router/LanguageAwareTreeRouteStack.php
Expand Up @@ -45,6 +45,12 @@ public function assemble(
// Store the original base URL.
$oldBaseUrl = $this->getBaseUrl();

// Do not allow direct access using /index.php. As such, rewrite any link that is being assembled to be without
// it as base.
if (str_starts_with($oldBaseUrl, '/index.php')) {
$oldBaseUrl = '/';
}

// Try to get the language, because we do not have access to the current request in this method we cannot add an
// `else` clause to call `$this->getLanguage()` to get the language.
$language = null;
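Review bot: The replacement base on the `$oldBaseUrl = '/';` line differs from what Laminas reports when no script-name prefix is detected, which is an empty string (TreeRouteStack::setBaseUrl() strips a trailing slash); if the remainder of assemble(), which lies outside this hunk, prefixes the assembled path with `$oldBaseUrl`, a root-relative path such as `/en/...` would presumably come out as `//en/...`, which browsers treat as a protocol-relative URL with host `en`. `$oldBaseUrl = '';` avoids that. The `str_starts_with` check also only covers a root deployment, so an installation served under a sub-path keeps `index.php` in its base. Consider `if (str_ends_with($oldBaseUrl, '/index.php')) { $oldBaseUrl = substr($oldBaseUrl, 0, -strlen('/index.php')); }` so any prefix is kept and only the script name is dropped.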
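--- /dev/null
+++ b/module/Application/src/View/Helper/HashUrl.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Application\View\Helper;
+
+use Application\Model\Enums\Languages;
+use Laminas\View\Helper\AbstractHelper;
+use Laminas\View\Helper\ServerUrl;
+
+use function implode;
+use function preg_replace;
+
+/**
+* View helper to generate URLs of the current page with a hash `#`.
+*/
+class HashUrl extends AbstractHelper
+{
+public function __construct(private readonly ServerUrl $serverUrlHelper)
+{
+}
+
+public function __invoke(): string
+{
+$path = null;
+if (isset($_SERVER['REQUEST_URI'])) {
+// Drop `/index.php` if it exists.
+$path = preg_replace(
+'/^((\/' . implode('|', Languages::stringValues()) . ')?\/index\.php)/',
+'',
+$_SERVER['REQUEST_URI'],
+);
+}
+
+return $this->serverUrlHelper->__invoke($path) . '#';
+}
+}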
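Review bot: The pattern on the `'/^((\/' . implode(...` line matches `/index.php` as a bare prefix, so a request such as `/index.phpfoo` is rewritten to `foo`, a relative fragment that ServerUrl then appends directly to the host. Anchoring the script name to a path boundary, `\/index\.php(?=\/|\?|$)`, limits the rewrite to the intended case. The language codes are interpolated into the pattern without `preg_quote`, presumably harmless for short codes but worth making explicit, e.g. `implode('|', array_map(static fn (string $l): string => preg_quote($l, '/'), Languages::stringValues()))`. preg_replace() also returns null on a PCRE error, which the return line appears to turn silently into a host-only URL; `?? $_SERVER['REQUEST_URI']` on the assignment or a `preg_last_error()` check makes that failure explicit.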
2 changes: 2 additions & 0 deletions module/Application/src/View/HelperTrait.php
Expand Up @@ -9,6 +9,7 @@
use Application\View\Helper\Breadcrumbs;
use Application\View\Helper\Diff;
use Application\View\Helper\GlideUrl;
use Application\View\Helper\HashUrl;
use Application\View\Helper\HrefLang;
use Application\View\Helper\ScriptUrl;
use Company\Model\CompanyFeaturedPackage as CompanyFeaturedPackageModel;
Expand Down Expand Up @@ -37,6 +38,7 @@
* @method CompanyFeaturedPackageModel|null featuredCompanyPackage()
* @method string fileUrl(string $path)
* @method GlideUrl glideUrl()
* @method HashUrl hashUrl()
* @method JobCategoryModel[] jobCategories()
* @method string localisedTextElement(ElementInterface $element)
* @method string localiseText(LocalisedTextModel $localisedText)
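Review bot: The `@method HashUrl hashUrl()` annotation on the added line does not match the helper: `HashUrl::__invoke()` in this commit is declared `: string`, so `$this->hashUrl()` yields a string, not the helper instance, and static analysis will type the template interpolations accordingly. The sibling `@method string fileUrl(string $path)` entry shows the convention; change the line to `@method string hashUrl()`.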
6 changes: 3 additions & 3 deletions module/Application/view/partial/admin.phtml
Expand Up @@ -127,7 +127,7 @@ use Laminas\View\Renderer\PhpRenderer;
<?php
if ($this->acl('education_service_acl')->isAllowed('course_document', 'upload')): ?>
<li class="dropdown <?= $this->moduleIsActive(['frontpage', 'exam']) ? 'active' : '' ?>">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
<a href="<?= $this->hashUrl() ?>" class="dropdown-toggle" data-toggle="dropdown" role="button"
aria-haspopup="true" aria-expanded="false">
<?= $this->translate('Education') ?> <span class="caret"></span>
</a>
Expand All @@ -154,7 +154,7 @@ use Laminas\View\Renderer\PhpRenderer;
<?php
if ($this->acl('decision_service_acl')->isAllowed('meeting', 'upload_minutes')): ?>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"
<a href="<?= $this->hashUrl() ?>" class="dropdown-toggle" data-toggle="dropdown"
role="button" aria-haspopup="true" aria-expanded="false">
<?= $this->translate('Meetings') ?> <span class="caret"></span>
</a>
Expand Down Expand Up @@ -218,7 +218,7 @@ use Laminas\View\Renderer\PhpRenderer;
<?php
if ($this->acl('user_service_acl')->isAllowed('apiuser', 'add')): ?>
<li class="dropdown <?= $this->moduleIsActive(['user']) ? 'active' : '' ?>">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
<a href="<?= $this->hashUrl() ?>" class="dropdown-toggle" data-toggle="dropdown" role="button"
aria-haspopup="true" aria-expanded="false">
<?= $this->translate('Users') ?> <span class="caret"></span>
</a>
14 changes: 7 additions & 7 deletions module/Application/view/partial/main-nav.phtml
Expand Up @@ -41,14 +41,14 @@ endif; ?>
<nav class="navbar navbar-gewis navbar-static-top rainbow" role="navigation">
<div class="container">
<div class="navbar-header navbar-left pull-left">
<a href="<?= $this->url('home') ?>" class="navbar-brand">
<a href="/<?= $lang ?>/" class="navbar-brand">
<div class="gi gewis-base"></div>
</a>
</div>
<div class="navbar-header navbar-right pull-right">
<ul class="nav navbar-nav pull-left no-collapse">
<li class="dropdown pull-right">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
<a href="<?= $this->hashUrl() ?>" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">
<span class="fas fa-globe-europe"></span>
<span class="sr-only"><?= $this->translate('Language settings') ?></span>
Expand Down Expand Up @@ -94,7 +94,7 @@ endif; ?>
<?php
if (null === $this->identity() && null === $this->companyIdentity()): ?>
<li class="dropdown pull-right">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
<a href="<?= $this->hashUrl() ?>" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">
<span class="fas fa-user"></span>
<?= $this->translate('Members') ?>
Expand Down Expand Up @@ -129,7 +129,7 @@ endif; ?>
<?php
$company = $this->companyIdentity()->getCompany(); ?>
<li class="dropdown pull-right">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
<a href="<?= $this->hashUrl() ?>" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">
<?= $this->escapeHtml($company->getName()) ?>
<span class="caret"></span>
Expand Down Expand Up @@ -157,7 +157,7 @@ endif; ?>
<?php
$member = $this->identity()->getMember(); ?>
<li class="dropdown pull-right">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
<a href="<?= $this->hashUrl() ?>" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">
<?= $this->escapeHtml($member->getFirstName()) ?>
<span class="caret"></span>
Expand Down Expand Up @@ -306,13 +306,13 @@ endif; ?>
</a>
</li>
<li class="dropdown dropdown-submenu">
<a href="#" role="button"
<a href="<?= $this->hashUrl() ?>" role="button"
class="dropdown-toggle visible-sm visible-xs" data-toggle="dropdown" aria-haspopup="true"
aria-expanded="false">
<?= $this->translate('Useful Information') ?>
<span class="caret"></span>
</a>
<a href="#" role="button"
<a href="<?= $this->hashUrl() ?>" role="button"
class="hidden-sm hidden-xs">
<?= $this->translate('Useful Information') ?>
<span class="caret"></span>
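Review bot: The brand link on the `<a href="/<?= $lang ?>/" class="navbar-brand">` line in the first hunk replaces a router-assembled URL with a hard-coded root path and an unescaped `$lang` interpolation. `$lang` is assigned outside this hunk, so its origin cannot be confirmed here; if it is derived from the request it should be passed through `escapeHtmlAttr`, and the literal `/` prefix drops any base path the router would otherwise apply. Since this commit also makes LanguageAwareTreeRouteStack stop emitting `index.php` as base, keeping `$this->url('home')` here may be the more robust option; if it is still needed, a comment stating why the router is bypassed would help.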
2 changes: 1 addition & 1 deletion module/Frontpage/view/frontpage/organ/organ.phtml
Expand Up @@ -241,7 +241,7 @@ function getOrganDescription($organInformation, $lang)
</div>
<div class="list-group">
<?php if (empty($activities)): ?>
<p class="list-group-item" href="#">
<p class="list-group-item" href="<?= $this->hashUrl() ?>">
<span class="list-group-item-text text-muted">
<?= $this->translate('No activities planned') ?>
</span>
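Review bot: `href` is not a valid attribute on a `<p>` element, so the `href="<?= $this->hashUrl() ?>"` line now runs the helper's regex on every render for an attribute browsers ignore. Dropping the attribute altogether, `<p class="list-group-item">`, is simpler than swapping its value.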
2 changes: 1 addition & 1 deletion module/Photo/view/partial/years.phtml
Expand Up @@ -33,7 +33,7 @@ if ($admin) {
<li role="presentation" class="dropdown">
<a class="dropdown-toggle"
data-toggle="dropdown"
href="#"
href="<?= $this->hashUrl() ?>"
role="button"
aria-haspopup="true"
aria-expanded="false">

