symfony
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
+2Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/UriSignerTest.php
+2Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/UriSigner.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/UriSigner.php
+39-2Lines changed: 39 additions & 2 deletions b/‎src/Symfony/Component/HttpKernel/UriSigner.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/UriSigner.php
+39-2Lines changed: 39 additions & 2 deletions
@@ -33,5 +33,7 @@ public function testCheck()
 
         $this->assertTrue($signer->check($signer->sign('http://example.com/foo')));
         $this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar')));
+
+        $this->assertTrue($signer->sign('http://example.com/foo?foo=bar&bar=foo') === $signer->sign('http://example.com/foo?bar=foo&foo=bar'));
     }
 }
@@ -42,6 +42,15 @@ public function __construct($secret)
      */
     public function sign($uri)
     {
+        $url = parse_url($uri);
+        if (isset($url['query'])) {
+            parse_str($url['query'], $params);
+        } else {
+            $params = array();
+        }
+
+        $uri = $this->buildUrl($url, $params);
+
         return $uri.(false === (strpos($uri, '?')) ? '?' : '&').'_hash='.$this->computeHash($uri);
     }
 
@@ -58,15 +67,43 @@ public function sign($uri)
      */
     public function check($uri)
     {
-        if (!preg_match('/^(.*)(?:\?|&)_hash=(.+?)$/', $uri, $matches)) {
+        $url = parse_url($uri);
+        if (isset($url['query'])) {
+            parse_str($url['query'], $params);
+        } else {
+            $params = array();
+        }
+
+        if (empty($params['_hash'])) {
             return false;
         }
 
-        return $this->computeHash($matches[1]) === $matches[2];
+        $hash = urlencode($params['_hash']);
+        unset($params['_hash']);
+
+        return $this->computeHash($this->buildUrl($url, $params)) === $hash;
     }
 
     private function computeHash($uri)
     {
         return urlencode(base64_encode(hash_hmac('sha1', $uri, $this->secret, true)));
     }
+
+    private function buildUrl(array $url, array $params = array())
+    {
+        ksort($params);
+        $url['query'] = http_build_query($params);
+
+        $scheme   = isset($url['scheme']) ? $url['scheme'].'://' : '';
+        $host     = isset($url['host']) ? $url['host'] : '';
+        $port     = isset($url['port']) ? ':'.$url['port'] : '';
+        $user     = isset($url['user']) ? $url['user'] : '';
+        $pass     = isset($url['pass']) ? ':'.$url['pass']  : '';
+        $pass     = ($user || $pass) ? "$pass@" : '';
+        $path     = isset($url['path']) ? $url['path'] : '';
+        $query    = isset($url['query']) && $url['query'] ? '?'.$url['query'] : '';
+        $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : '';
+
+        return $scheme.$user.$pass.$host.$port.$path.$query.$fragment;
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -33,5 +33,7 @@ public function testCheck()`
`33`	`33`
`34`	`34`	`$this->assertTrue($signer->check($signer->sign('http://example.com/foo')));`
`35`	`35`	`$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar')));`
	`36`	`+`
	`37`	`+ $this->assertTrue($signer->sign('http://example.com/foo?foo=bar&bar=foo') === $signer->sign('http://example.com/foo?bar=foo&foo=bar'));`
`36`	`38`	`}`
`37`	`39`	`}`