1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2025-01-08 17:02:41 +00:00

Make TTRSS handler reject erroneous paths

This commit is contained in:
J. King 2017-11-30 17:54:56 -05:00
parent a404d4d108
commit 3ffcd6dd97
2 changed files with 13 additions and 0 deletions

View file

@ -115,6 +115,10 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
} }
public function dispatch(\JKingWeb\Arsse\REST\Request $req): Response { public function dispatch(\JKingWeb\Arsse\REST\Request $req): Response {
if (!preg_match("<^(?:/(?:index\.php)?)?$>", $req->path)) {
// reject paths other than the index
return new Response(404);
}
if ($req->method=="OPTIONS") { if ($req->method=="OPTIONS") {
// respond to OPTIONS rquests; the response is a fib, as we technically accept any type or method // respond to OPTIONS rquests; the response is a fib, as we technically accept any type or method
return new Response(204, "", "", [ return new Response(204, "", "", [

View file

@ -168,6 +168,15 @@ LONG_STRING;
$this->clearData(); $this->clearData();
} }
public function testHandleInvalidPaths() {
$exp = $this->respErr("MALFORMED_INPUT", [], null);
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "", "")));
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/", "")));
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/index.php", "")));
$exp = new Response(404);
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/bad/path", "")));
}
public function testHandleOptionsRequest() { public function testHandleOptionsRequest() {
$exp = new Response(204, "", "", [ $exp = new Response(204, "", "", [
"Allow: POST", "Allow: POST",