
"url" query parameter causes conflict in FHIR ValueSet $expand endpoint #697

@ander-chan

Steps to Reproduce:

Call the $expand endpoint with a url param containing a fragment identifier, for example:

GET /ValueSet/$expand?url=http://example.org
GET /ValueSet/$expand?url=#code

Observe that the REST layer fails to handle the #code fragment correctly.

Instead of returning the expanded ValueSet including the fragment-specific "operation", the server may return an error, an empty expansion, or unexpected results.

Expected Behavior:

The $expand endpoint (as param) should correctly interpret the full $url query param, including any fragment identifier (e.g., #code), and return the corresponding expanded concepts.
The PHP $url param must be "http://example.org" or "#code".

Actual Behavior:

  • A $url param with # identifiers results in errors.
  • A full $url param (with a http.. value) may be misinterpreted inside the REST layer, causing an incorrect value of the $url parameter.

<?php
use Luracast\Restler\RestException;

class ValueSet
{
    /**
     * @url GET /{$operator}
     * @param string $expand
     * @param string $url Resource URL of the ValueSet
     * @param string $_format Resource URL of the ValueSet
     * @param string $_count Resource URL of the ValueSet
     */
    public function index($operator = null, $url = null, $_count = null)
    {
        // HTTP_REFERER is a client-supplied header; it is echoed back below as the ValueSet "url".
        $refer = '';
        if (isset($_SERVER['HTTP_REFERER'])) {
            $refer = $_SERVER['HTTP_REFERER'];
        }

        $valuesets = json_decode(file_get_contents(__DIR__ . '/valuesets.json'), true);

        // No '$' in the path segment: treat it as a ValueSet id and return that resource.
        // The (string) cast keeps a null $operator on this branch without a deprecation notice.
        if (!str_contains((string) $operator, '$')) {
            $code = $operator;
            foreach ($valuesets as $vs) {
                if (isset($vs["id"]) && $vs["id"] === $code) {
                    return $vs;
                }
            }
            throw new RestException(404, "ValueSet not found: code=" . $code);
        }

        // $url = explode('?url=', $url)[1];

        // Operation call (e.g. $expand): collect every concept whose system equals $url.
        $contains = [];
        foreach ($valuesets as $vs) {
            // ValueSets without an expansion are skipped instead of raising a warning.
            foreach ($vs["expansion"]["contains"] ?? [] as $item) {
                if (isset($item["system"]) && $item["system"] === $url) {
                    $contains[] = $item;
                }
            }
        }

        return [
            "resourceType" => "ValueSet",
            "url" => $refer,
            "status" => "active",
            "expansion" => [
                "timestamp" => date(DATE_ATOM),
                "total" => count($contains),
                "contains" => $contains
            ]
        ];
    }
...
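The two request lines from the steps above, run through a standard (WHATWG) URL parser to show which part of each would reach a server and what the percent-encoded form of the same value looks like. This is an added example, not code from the issue or from Restler; the host `fhir.example.test` and the helper names are assumptions made for illustration.

```javascript
// Constructed base host (assumption); only path, query and fragment matter here.
const BASE = 'http://fhir.example.test';

// Split a request target into what a client puts on the request line and
// what it keeps locally. Per RFC 3986 the fragment is never sent to the server.
function wireView(requestTarget) {
  const u = new URL(requestTarget, BASE);
  return {
    sent: u.pathname + u.search,         // path + query: the server-visible part
    fragment: u.hash,                    // stays on the client
    urlParam: u.searchParams.get('url'), // value a server-side parser can recover
  };
}

// Naive concatenation, as typed in the report's request lines.
function rawExpand(valueSetUrl) {
  return '/ValueSet/$expand?url=' + valueSetUrl;
}

// Same request with the value percent-encoded as a query component.
function buildExpand(valueSetUrl) {
  const u = new URL('/ValueSet/$expand', BASE);
  u.searchParams.set('url', valueSetUrl); // encodes '#', ':' and '/'
  return u.pathname + u.search;
}

// Compare both forms for the two values named in the report.
for (const value of ['http://example.org', '#code']) {
  const raw = wireView(rawExpand(value));
  const enc = wireView(buildExpand(value));
  console.log(JSON.stringify({
    value,
    rawSent: raw.sent,
    rawUrlParam: raw.urlParam,
    rawFragment: raw.fragment,
    encodedSent: enc.sent,
    encodedUrlParam: enc.urlParam,
  }));
}
```

With the raw `#code` form the query value is empty and `#code` ends up in the fragment; the encoded form carries `%23code` in the query and decodes back to `#code`.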
