Silverstripe-framework: [CONTROL] URL parsing bug

Created on 6 Aug 2018  路  7Comments  路  Source: silverstripe/silverstripe-framework

Affected Version

SS 4.1, possibly earlier

Description

If an invalid extension (e.g. ".css") is added to a valid URL (e.g. /about-us) a 404 response should be returned. Instead a 200 response is returned along with the normal content, as if the extension has been ignored.

Steps to Reproduce

  1. Create a new SS4 site with composer create-project
  2. Navigate to mysite.localhost/about-us/.css or mysite.localhost/contact-us.embassy

Notes

Only works if a single period is used and no other special characters. Adding these strings to a URL won't trigger the bug:

  • .css.jpg
  • .fake-url
affectv4 efforeasy impacmedium typbug
Source
picture jonom

Most helpful comment

Making it an opt-in feature for SS5 would be a good idea I think

I think what would be much better is to be able to define routes more flexibly (including regex for example) rather than keeping this rather opinionated feature

picture dhensby on 7 Aug 2018
👍2

All 7 comments

That's because the extension is ignored :/ this is somewhat intended behaviour...

dhensby picture dhensby on 6 Aug 2018

the extension is taken off and discarded when resolving the URLs

dhensby picture dhensby on 6 Aug 2018

If it's intentional feel free to close this issue, but what's the benefit of discarding the extension? From my viewpoint an invalid URL shouldn't return a valid response... but then again it's probably not likely that this issue would lead to a real world problem for someone.

jonom picture jonom on 6 Aug 2018

I seem to remember a discussion about this before - I _think_ it was originally intended so that you could have /api.json or /api.xml handled by the same URL handler, but switch out how you output the response by checking $request->getExtension().

I鈥檓 not a fan of the behaviour if that鈥檚 the only reason for it, I鈥檒l try to find the other issue

Edit: https://github.com/silverstripe/silverstripe-framework/issues/5385

kinglozzer picture kinglozzer on 7 Aug 2018

I'm afraid this is just legacy behaviour that may have to many advocates to remove...

dhensby picture dhensby on 7 Aug 2018

I think @JorisDebonnet's issue is a great example that this feature has some drawbacks. If it can cause params to break that's not great. Making it an opt-in feature for SS5 would be a good idea I think.

jonom picture jonom on 7 Aug 2018

Making it an opt-in feature for SS5 would be a good idea I think

I think what would be much better is to be able to define routes more flexibly (including regex for example) rather than keeping this rather opinionated feature

dhensby picture dhensby on 7 Aug 2018
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kinglozzer picture kinglozzer  路  4Comments
Cheddam picture Cheddam  路  3Comments
kinglozzer picture kinglozzer  路  6Comments
dhensby picture dhensby  路  6Comments
Cheddam picture Cheddam  路  3Comments