PISHPS-303: extended LineItemDataExtractor. It now also sanitizes query parameters (#789)

* PISHPS-303: extended LineItemDataExtractor. It now also sanitizes query parameters

* PISHPS-303: removed redundant comments

* PISHPS-303: removed debug line

* PISHPS-303: fixed phpstan error

* PISHPS-303: added missing space
m-muxfeld-diw authored Jul 26, 2024
1 parent 39ebd2e commit f2436dc
Showing 1 changed file with 46 additions and 1 deletion.
47 changes: 46 additions & 1 deletion src/Service/MollieApi/LineItemDataExtractor.php
@@ -70,11 +70,56 @@ private function encodePathAndQuery(string $fullUrl):string
$path = implode('/', $pathParts);
}

$query = isset($urlParts['query']) ? '?' . $urlParts['query'] : '';
$query = '';
if (isset($urlParts['query'])) {
$urlParts['query'] = $this->sanitizeQuery(explode('&', $urlParts['query']));
$query = '?' . implode('&', $urlParts['query']);
}


$fragment = isset($urlParts['fragment']) ? '#' . $urlParts['fragment'] : '';

return trim($scheme.$user.$pass.$host.$port.$path.$query.$fragment);
}

/**
* Sanitizes an array of query strings by URL encoding their components.
*
* This method takes an array of query strings, where each string is expected to be in the format
* 'key=value'. It applies the sanitizeQueryPart method to each query string to ensure the keys
* and values are URL encoded, making them safe for use in URLs.
*
* @param string[] $query An array of query strings to be sanitized.
* @return string[] The sanitized array with URL encoded query strings.
*/
private function sanitizeQuery(array $query): array
{
// Use array_map to apply the sanitizeQueryPart method to each element of the $query array
return array_map([$this, 'sanitizeQueryPart'], $query);
}

/**
* Sanitizes a single query string part by URL encoding its key and value.
*
* This method takes a query string part, expected to be in the format 'key=value', splits it into
* its key and value components, URL encodes each component, and then recombines them into a single
* query string part.
*
* @param string $queryPart A single query string part to be sanitized.
* @return string The sanitized query string part with URL encoded components.
*/
private function sanitizeQueryPart(string $queryPart): string
{
if (strpos($queryPart, '=') === false) {
return $queryPart;
}

// Split the query part into key and value based on the '=' delimiter
[$key, $value] = explode('=', $queryPart);

$key = rawurlencode($key);
$value = rawurlencode($value);

return sprintf('%s=%s', $key, $value);
}
}
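Review bot: `explode('=', $queryPart)` in sanitizeQueryPart has no limit, so a query part whose value itself contains '=' (for example a base64 value with padding such as `token=abc==`, or a nested URL such as `redirect=https://example.test/?a=b`) explodes into three or more elements, and the `[$key, $value]` destructuring keeps only the first two, silently truncating the value to `token=abc` or `redirect=https://example.test/?a`; use `explode('=', $queryPart, 2)` so everything after the first '=' stays in the value. Two smaller points in the same hunk: rawurlencode is applied to whatever parse_url returned, so a query that is already percent-encoded (`%20`) comes out double-encoded (`%2520`) and the receiving side decodes a different value than was sent (consider rawurldecode before re-encoding, or parse_str followed by http_build_query); and the early return at `if (strpos($queryPart, '=') === false)` passes a valueless key through unencoded, which contradicts the docblock's promise that keys are URL encoded.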
