Compare commits

..

1 Commits

Author SHA1 Message Date
Guy Sartorelli
53548d6c0d
ENH Use symfony/validation logic 2024-09-25 10:26:32 +12:00
3 changed files with 42 additions and 4 deletions

View File

@ -60,7 +60,7 @@ class ModelAsController extends Controller implements NestedController
Director::absoluteBaseURL(), Director::absoluteBaseURL(),
'dev/build', 'dev/build',
'?' . http_build_query([ '?' . http_build_query([
'BackURL' => isset($_GET['url']) ? $_GET['url'] : null, 'returnURL' => isset($_GET['url']) ? $_GET['url'] : null,
]) ])
)); ));
} }
@ -81,7 +81,7 @@ class ModelAsController extends Controller implements NestedController
// If the database has not yet been created, redirect to the build page. // If the database has not yet been created, redirect to the build page.
if (!DB::is_active() || !ClassInfo::hasTable('SiteTree')) { if (!DB::is_active() || !ClassInfo::hasTable('SiteTree')) {
$this->getResponse()->redirect(Controller::join_links(Director::absoluteBaseURL(), 'dev/build?BackURL=' . (isset($_GET['url']) ? urlencode($_GET['url']) : null))); $this->getResponse()->redirect(Controller::join_links(Director::absoluteBaseURL(), 'dev/build?returnURL=' . (isset($_GET['url']) ? urlencode($_GET['url']) : null)));
$this->popCurrent(); $this->popCurrent();
return $this->getResponse(); return $this->getResponse();

View File

@ -78,7 +78,7 @@ class RootURLController extends Controller implements Resettable
Director::absoluteBaseURL(), Director::absoluteBaseURL(),
'dev/build', 'dev/build',
'?' . http_build_query([ '?' . http_build_query([
'BackURL' => isset($_GET['url']) ? $_GET['url'] : null, 'returnURL' => isset($_GET['url']) ? $_GET['url'] : null,
]) ])
)); ));
} }
@ -91,7 +91,7 @@ class RootURLController extends Controller implements Resettable
if (!$this->getResponse()->isFinished()) { if (!$this->getResponse()->isFinished()) {
if (!DB::is_active() || !ClassInfo::hasTable('SiteTree')) { if (!DB::is_active() || !ClassInfo::hasTable('SiteTree')) {
$this->getResponse()->redirect(Director::absoluteBaseURL() . 'dev/build?BackURL=' . (isset($_GET['url']) ? urlencode($_GET['url']) : null)); $this->getResponse()->redirect(Director::absoluteBaseURL() . 'dev/build?returnURL=' . (isset($_GET['url']) ? urlencode($_GET['url']) : null));
return $this->getResponse(); return $this->getResponse();
} }

View File

@ -121,6 +121,33 @@ class RedirectorPageTest extends FunctionalTest
$this->assertEquals(Director::absoluteURL('/redirection-dest'), $response->getHeader("Location")); $this->assertEquals(Director::absoluteURL('/redirection-dest'), $response->getHeader("Location"));
} }
public function testExternalURLGetsPrefixIfNotSet()
{
$page = $this->objFromFixture(RedirectorPage::class, 'externalnoprefix');
$this->assertEquals($page->ExternalURL, 'http://google.com', 'onBeforeWrite has prefixed with http');
$page->write();
$this->assertEquals(
$page->ExternalURL,
'http://google.com',
'onBeforeWrite will not double prefix if written again!'
);
}
public function testAllowsProtocolRelative()
{
$noProtocol = new RedirectorPage(['ExternalURL' => 'mydomain.com']);
$noProtocol->write();
$this->assertEquals('http://mydomain.com', $noProtocol->ExternalURL);
$protocolAbsolute = new RedirectorPage(['ExternalURL' => 'http://mydomain.com']);
$protocolAbsolute->write();
$this->assertEquals('http://mydomain.com', $protocolAbsolute->ExternalURL);
$protocolRelative = new RedirectorPage(['ExternalURL' => '//mydomain.com']);
$protocolRelative->write();
$this->assertEquals('//mydomain.com', $protocolRelative->ExternalURL);
}
/** /**
* Test that we can trigger a redirection before RedirectorPageController::init() is called * Test that we can trigger a redirection before RedirectorPageController::init() is called
*/ */
@ -136,6 +163,17 @@ class RedirectorPageTest extends FunctionalTest
RedirectorPageController::remove_extension(RedirectorPageTest_RedirectExtension::class); RedirectorPageController::remove_extension(RedirectorPageTest_RedirectExtension::class);
} }
public function testNoJSLinksAllowed()
{
$page = new RedirectorPage();
$js = 'javascript:alert("hello world")';
$page->ExternalURL = $js;
$this->assertEquals($js, $page->ExternalURL);
$page->write();
$this->assertEmpty($page->ExternalURL);
}
public function testFileRedirector() public function testFileRedirector()
{ {
$page = $this->objFromFixture(RedirectorPage::class, 'file'); $page = $this->objFromFixture(RedirectorPage::class, 'file');