From 232b5531bea5ccb853f320a4ad0264dfc01e264f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Debrauwer?= Date: Thu, 19 Dec 2024 17:41:40 +0100 Subject: [PATCH] $ignoreQuery closure support --- src/Illuminate/Routing/UrlGenerator.php | 28 +++++++++++++++-------- tests/Routing/RoutingUrlGeneratorTest.php | 6 +++++ 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/src/Illuminate/Routing/UrlGenerator.php b/src/Illuminate/Routing/UrlGenerator.php index fff8ffd5eb44..b2c7a32c30ab 100755 --- a/src/Illuminate/Routing/UrlGenerator.php +++ b/src/Illuminate/Routing/UrlGenerator.php @@ -419,10 +419,10 @@ public function temporarySignedRoute($name, $expiration, $parameters = [], $abso * * @param \Illuminate\Http\Request $request * @param bool $absolute - * @param array $ignoreQuery + * @param \Closure|array $ignoreQuery * @return bool */ - public function hasValidSignature(Request $request, $absolute = true, array $ignoreQuery = []) + public function hasValidSignature(Request $request, $absolute = true, Closure|array $ignoreQuery = []) { return $this->hasCorrectSignature($request, $absolute, $ignoreQuery) && $this->signatureHasNotExpired($request); @@ -432,10 +432,10 @@ public function hasValidSignature(Request $request, $absolute = true, array $ign * Determine if the given request has a valid signature for a relative URL. * * @param \Illuminate\Http\Request $request - * @param array $ignoreQuery + * @param \Closure|array $ignoreQuery * @return bool */ - public function hasValidRelativeSignature(Request $request, array $ignoreQuery = []) + public function hasValidRelativeSignature(Request $request, Closure|array $ignoreQuery = []) { return $this->hasValidSignature($request, false, $ignoreQuery); } @@ -445,17 +445,27 @@ public function hasValidRelativeSignature(Request $request, array $ignoreQuery = * * @param \Illuminate\Http\Request $request * @param bool $absolute - * @param array $ignoreQuery + * @param \Closure|array $ignoreQuery * @return bool */ - public function hasCorrectSignature(Request $request, $absolute = true, array $ignoreQuery = []) + public function hasCorrectSignature(Request $request, $absolute = true, Closure|array $ignoreQuery = []) { - $ignoreQuery[] = 'signature'; - $url = $absolute ? $request->url() : '/'.$request->path(); $queryString = (new Collection(explode('&', (string) $request->server->get('QUERY_STRING')))) - ->reject(fn ($parameter) => in_array(Str::before($parameter, '='), $ignoreQuery)) + ->reject(function ($parameter) use ($ignoreQuery) { + $parameter = Str::before($parameter, '='); + + if ($parameter === 'signature') { + return true; + } + + if ($ignoreQuery instanceof Closure) { + return $ignoreQuery($parameter); + } + + return in_array($parameter, $ignoreQuery); + }) ->join('&'); $original = rtrim($url.'?'.$queryString, '?'); diff --git a/tests/Routing/RoutingUrlGeneratorTest.php b/tests/Routing/RoutingUrlGeneratorTest.php index b9ada1ce07bd..a0f01672125a 100755 --- a/tests/Routing/RoutingUrlGeneratorTest.php +++ b/tests/Routing/RoutingUrlGeneratorTest.php @@ -803,6 +803,12 @@ public function testSignedUrl() $request = Request::create($url->signedRoute('foo').'?tampered=true'); $this->assertFalse($url->hasValidSignature($request)); + + $request = Request::create($url->signedRoute('foo').'&tampered=true'); + + $this->assertTrue($url->hasValidSignature($request, ignoreQuery: ['tampered'])); + + $this->assertTrue($url->hasValidSignature($request, ignoreQuery: fn ($parameter) => $parameter === 'tampered')); } public function testSignedUrlImplicitModelBinding()