mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2024-12-22 21:22:40 +00:00
Make TTRSS handler reject erroneous paths
This commit is contained in:
parent
a404d4d108
commit
3ffcd6dd97
2 changed files with 13 additions and 0 deletions
|
@ -115,6 +115,10 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
|
|||
}
|
||||
|
||||
public function dispatch(\JKingWeb\Arsse\REST\Request $req): Response {
|
||||
if (!preg_match("<^(?:/(?:index\.php)?)?$>", $req->path)) {
|
||||
// reject paths other than the index
|
||||
return new Response(404);
|
||||
}
|
||||
if ($req->method=="OPTIONS") {
|
||||
// respond to OPTIONS rquests; the response is a fib, as we technically accept any type or method
|
||||
return new Response(204, "", "", [
|
||||
|
|
|
@ -168,6 +168,15 @@ LONG_STRING;
|
|||
$this->clearData();
|
||||
}
|
||||
|
||||
public function testHandleInvalidPaths() {
|
||||
$exp = $this->respErr("MALFORMED_INPUT", [], null);
|
||||
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "", "")));
|
||||
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/", "")));
|
||||
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/index.php", "")));
|
||||
$exp = new Response(404);
|
||||
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/bad/path", "")));
|
||||
}
|
||||
|
||||
public function testHandleOptionsRequest() {
|
||||
$exp = new Response(204, "", "", [
|
||||
"Allow: POST",
|
||||
|
|
Loading…
Reference in a new issue