FIX Confirmation components to respect SS_BASE_URL (#9074)
This commit is contained in:
Serge Latyntsev
Aaron Carlino
parent
d0b4f61310
commit
7ef13e7ef6
|
|
@ -33,6 +33,7 @@ class ConfirmationMiddleware implements HTTPMiddleware
|
|||
|
||||
/**
|
||||
* Confirmation form URL
|
||||
* WARNING: excluding SS_BASE_URL
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
|
|
@ -81,8 +82,15 @@ class ConfirmationMiddleware implements HTTPMiddleware
|
|||
*/
|
||||
protected function getConfirmationUrl(HTTPRequest $request, $confirmationStorageId)
|
||||
{
|
||||
$url = $this->confirmationFormUrl;
|
||||
|
||||
if (substr($url, 0, 1) === '/') {
|
||||
// add BASE_URL explicitly if not absolute
|
||||
$url = Controller::join_links(Director::baseURL(), $url);
|
||||
}
|
||||
|
||||
return Controller::join_links(
|
||||
$this->confirmationFormUrl,
|
||||
$url,
|
||||
urlencode($confirmationStorageId)
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
namespace SilverStripe\Control\Middleware;
|
||||
|
||||
use SilverStripe\Control\Controller;
|
||||
use SilverStripe\Control\Director;
|
||||
use SilverStripe\Control\Middleware\URLSpecialsMiddleware\FlushScheduler;
|
||||
use SilverStripe\Control\Middleware\URLSpecialsMiddleware\SessionEnvTypeSwitcher;
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
|
|
@ -63,7 +65,12 @@ class URLSpecialsMiddleware extends PermissionAwareConfirmationMiddleware
|
|||
$request['urlspecialstoken'] = bin2hex(random_bytes(4));
|
||||
|
||||
$result = new HTTPResponse();
|
||||
$result->redirect('/' . $request->getURL(true));
|
||||
$result->redirect(
|
||||
Controller::join_links(
|
||||
Director::baseURL(),
|
||||
$request->getURL(true)
|
||||
)
|
||||
);
|
||||
return $result;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
namespace SilverStripe\Security\Confirmation;
|
||||
|
||||
use SilverStripe\Control\Controller;
|
||||
use SilverStripe\Control\Cookie;
|
||||
use SilverStripe\Control\Director;
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
use SilverStripe\Control\Session;
|
||||
use SilverStripe\Security\SecurityToken;
|
||||
|
|
@ -236,7 +238,8 @@ class Storage
|
|||
*/
|
||||
public function setSuccessRequest(HTTPRequest $request)
|
||||
{
|
||||
$this->setSuccessUrl($request->getURL(true));
|
||||
$url = Controller::join_links(Director::baseURL(), $request->getURL(true));
|
||||
$this->setSuccessUrl($url);
|
||||
|
||||
$httpMethod = $request->httpMethod();
|
||||
$this->session->set($this->getNamespace('httpMethod'), $httpMethod);
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace SilverStripe\Control\Tests\Middleware;
|
||||
|
||||
use SilverStripe\Control\Director;
|
||||
use SilverStripe\Control\HTTPResponse;
|
||||
use SilverStripe\Control\Middleware\ConfirmationMiddleware;
|
||||
use SilverStripe\Control\Middleware\ConfirmationMiddleware\Url;
|
||||
|
|
@ -67,7 +68,7 @@ class ConfirmationMiddlewareTest extends SapphireTest
|
|||
$this->assertFalse($next);
|
||||
$this->assertInstanceOf(HTTPResponse::class, $response);
|
||||
$this->assertEquals(302, $response->getStatusCode());
|
||||
$this->assertEquals('/dev/confirm/middleware', $response->getHeader('location'));
|
||||
$this->assertEquals(Director::baseURL().'dev/confirm/middleware', $response->getHeader('location'));
|
||||
|
||||
// Test bypasses have more priority than rules
|
||||
$middleware->setBypasses([new Url('dev/build')]);
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class StorageTest extends SapphireTest
|
|||
|
||||
// ensure the data is persisted within the session
|
||||
$storage = new Storage($session, 'test', false);
|
||||
$this->assertEquals('dev/build?flush=all', $storage->getSuccessUrl());
|
||||
$this->assertEquals('/dev/build?flush=all', $storage->getSuccessUrl());
|
||||
$this->assertEquals('GET', $storage->getHttpMethod());
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue