
Make TTRSS handler reject erroneous paths

microsub
J. King 6 years ago
parent
commit
3ffcd6dd97
  1. 4
      lib/REST/TinyTinyRSS/API.php
  2. 9
      tests/REST/TinyTinyRSS/TestTinyTinyAPI.php

4
lib/REST/TinyTinyRSS/API.php

@ -115,6 +115,10 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
}
public function dispatch(\JKingWeb\Arsse\REST\Request $req): Response {
if (!preg_match("<^(?:/(?:index\.php)?)?$>", $req->path)) {
// reject paths other than the index
return new Response(404);
}
if ($req->method=="OPTIONS") {
// respond to OPTIONS rquests; the response is a fib, as we technically accept any type or method
return new Response(204, "", "", [
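Review bot: The `$` anchor in the new path check in `dispatch` also matches just before a trailing newline, so a path consisting of `/index.php` followed by a line feed would pass the filter instead of getting the 404. Whether `$req->path` can ever carry a decoded newline depends on how `Request` normalises the target, which is not visible here, but anchoring with `\z` (or adding the `D` modifier) makes the check exact: `if (!preg_match('<^(?:/(?:index\.php)?)?\z>', $req->path)) {`. Single quotes also avoid relying on PHP leaving `\.` and `$>` untouched inside a double-quoted string. The body of `dispatch` continues past the end of this hunk.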

9
tests/REST/TinyTinyRSS/TestTinyTinyAPI.php

@ -168,6 +168,15 @@ LONG_STRING;
$this->clearData();
}
public function testHandleInvalidPaths() {
$exp = $this->respErr("MALFORMED_INPUT", [], null);
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "", "")));
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/", "")));
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/index.php", "")));
$exp = new Response(404);
$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/bad/path", "")));
}
public function testHandleOptionsRequest() {
$exp = new Response(204, "", "", [
"Allow: POST",
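Review bot: `testHandleInvalidPaths` exercises only one rejected path, `/bad/path`, so the anchoring of the pattern in `API::dispatch` is not pinned down by the suite. Near-miss inputs are what would catch a loosened pattern later; I would add cases such as `$this->assertResponse($exp, $this->h->dispatch(new Request("POST", "/index.php/", "")));` and the same for `"/index.phpx"` and `"//"`. A case with a non-POST method on a bad path would also document that the 404 check runs before the OPTIONS handling. The following test, `testHandleOptionsRequest`, continues outside the hunk.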
