diff --git a/src/Control/Middleware/ConfirmationMiddleware.php b/src/Control/Middleware/ConfirmationMiddleware.php
index f4f903d6a..79acbfe21 100644
--- a/src/Control/Middleware/ConfirmationMiddleware.php
+++ b/src/Control/Middleware/ConfirmationMiddleware.php
@@ -33,6 +33,7 @@ class ConfirmationMiddleware implements HTTPMiddleware
 /**
 * Confirmation form URL
+ * WARNING: excluding SS_BASE_URL
 *
 * @var string
 */
@@ -81,8 +82,15 @@ class ConfirmationMiddleware implements HTTPMiddleware
 */
 protected function getConfirmationUrl(HTTPRequest $request, $confirmationStorageId)
 {
+ $url = $this->confirmationFormUrl;
+
+ if (substr($url, 0, 1) === '/') {
+ // add BASE_URL explicitly if not absolute
+ $url = Controller::join_links(Director::baseURL(), $url);
+ }
+
 return Controller::join_links(
- $this->confirmationFormUrl,
+ $url,
 urlencode($confirmationStorageId)
 );
 }
diff --git a/src/Control/Middleware/URLSpecialsMiddleware.php b/src/Control/Middleware/URLSpecialsMiddleware.php
index 073e52e76..b2fb10a6d 100644
--- a/src/Control/Middleware/URLSpecialsMiddleware.php
+++ b/src/Control/Middleware/URLSpecialsMiddleware.php
@@ -2,6 +2,8 @@
 namespace SilverStripe\Control\Middleware;
+use SilverStripe\Control\Controller;
+use SilverStripe\Control\Director;
 use SilverStripe\Control\Middleware\URLSpecialsMiddleware\FlushScheduler;
 use SilverStripe\Control\Middleware\URLSpecialsMiddleware\SessionEnvTypeSwitcher;
 use SilverStripe\Control\HTTPRequest;
@@ -63,7 +65,12 @@ class URLSpecialsMiddleware extends PermissionAwareConfirmationMiddleware
 $request['urlspecialstoken'] = bin2hex(random_bytes(4));
 $result = new HTTPResponse();
- $result->redirect('/' . $request->getURL(true));
+ $result->redirect(
+ Controller::join_links(
+ Director::baseURL(),
+ $request->getURL(true)
+ )
+ );
 return $result;
 }
 }
diff --git a/src/Security/Confirmation/Storage.php b/src/Security/Confirmation/Storage.php
index e27931590..0794e3646 100644
--- a/src/Security/Confirmation/Storage.php
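Review bot: In `getConfirmationUrl` the base URL is prepended only when `confirmationFormUrl` starts with `/`, so a value configured without the leading slash is returned without the base path, and the inline comment `// add BASE_URL explicitly if not absolute` describes the opposite of what a leading-slash test selects. I would reword it to `// root-relative path: prepend the site base URL; anything else is passed through unchanged` and have the property docblock state that the value is expected to start with `/` and must not already contain the base path, which the one-line `WARNING: excluding SS_BASE_URL` only hints at. The hunks for this file add no `use SilverStripe\Control\Director;`, unlike the other two source files in the commit, so it is worth confirming the class is already imported here. The method's docblock begins outside the hunk.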
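Review bot: None of the test changes visible in this commit covers the new redirect target in URLSpecialsMiddleware; the two updated tests exercise ConfirmationMiddleware and Storage only. Because the Location value is assembled from the request's own path and query string via `getURL(true)`, an assertion that the header begins with `Director::baseURL()` and stays a site-local path would pin the behaviour for installs under a sub-directory. The expression `Controller::join_links(Director::baseURL(), …)` now appears in three places (here, `getConfirmationUrl` and `Storage::setSuccessRequest`), so a shared helper would keep them from drifting apart. The enclosing method starts outside the hunk.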
+++ b/src/Security/Confirmation/Storage.php
@@ -2,7 +2,9 @@
 namespace SilverStripe\Security\Confirmation;
+use SilverStripe\Control\Controller;
 use SilverStripe\Control\Cookie;
+use SilverStripe\Control\Director;
 use SilverStripe\Control\HTTPRequest;
 use SilverStripe\Control\Session;
 use SilverStripe\Security\SecurityToken;
@@ -236,7 +238,8 @@ class Storage
 */
 public function setSuccessRequest(HTTPRequest $request)
 {
- $this->setSuccessUrl($request->getURL(true));
+ $url = Controller::join_links(Director::baseURL(), $request->getURL(true));
+ $this->setSuccessUrl($url);
 $httpMethod = $request->httpMethod();
 $this->session->set($this->getNamespace('httpMethod'), $httpMethod);
diff --git a/tests/php/Control/Middleware/ConfirmationMiddlewareTest.php b/tests/php/Control/Middleware/ConfirmationMiddlewareTest.php
index cec934bc6..9b2f43f51 100644
--- a/tests/php/Control/Middleware/ConfirmationMiddlewareTest.php
+++ b/tests/php/Control/Middleware/ConfirmationMiddlewareTest.php
@@ -2,6 +2,7 @@
 namespace SilverStripe\Control\Tests\Middleware;
+use SilverStripe\Control\Director;
 use SilverStripe\Control\HTTPResponse;
 use SilverStripe\Control\Middleware\ConfirmationMiddleware;
 use SilverStripe\Control\Middleware\ConfirmationMiddleware\Url;
@@ -67,7 +68,7 @@ class ConfirmationMiddlewareTest extends SapphireTest
 $this->assertFalse($next);
 $this->assertInstanceOf(HTTPResponse::class, $response);
 $this->assertEquals(302, $response->getStatusCode());
- $this->assertEquals('/dev/confirm/middleware', $response->getHeader('location'));
+ $this->assertEquals(Director::baseURL().'dev/confirm/middleware', $response->getHeader('location'));
 // Test bypasses have more priority than rules
 $middleware->setBypasses([new Url('dev/build')]);
diff --git a/tests/php/Security/Confirmation/StorageTest.php b/tests/php/Security/Confirmation/StorageTest.php
index 4c36f71a9..a3075769d 100644
--- a/tests/php/Security/Confirmation/StorageTest.php
+++ b/tests/php/Security/Confirmation/StorageTest.php
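Review bot: After this change the stored success URL carries the base path only when it arrives through `setSuccessRequest`; `setSuccessUrl` is not touched by this diff, so callers that use it directly presumably have to pass a root-relative URL themselves, and nothing documents that. The method docblock, of which only the closing `*/` is in the hunk, should state the new contract, for example `* The URL is stored with Director::baseURL() prepended and the query string included.` Sessions written before the upgrade may still hold the unprefixed form, so it is worth confirming that whatever consumes `getSuccessUrl()` for the post-confirmation redirect tolerates both. The function body continues outside the hunk.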
@@ -69,7 +69,7 @@ class StorageTest extends SapphireTest
 // ensure the data is persisted within the session
 $storage = new Storage($session, 'test', false);
- $this->assertEquals('dev/build?flush=all', $storage->getSuccessUrl());
+ $this->assertEquals('/dev/build?flush=all', $storage->getSuccessUrl());
 $this->assertEquals('GET', $storage->getHttpMethod());
 }
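Review bot: The updated expectation `'/dev/build?flush=all'` hard-codes a base URL of `/`, whereas ConfirmationMiddlewareTest in this same commit builds its expectation from `Director::baseURL()`. If the suite runs with a non-root base path this assertion fails even though the code is correct, and a non-root base appears to be the case the commit is meant to support. Consider `$this->assertEquals(Director::baseURL() . 'dev/build?flush=all', $storage->getSuccessUrl());`, adding `use SilverStripe\Control\Director;` if the file does not import it already, since the imports are not shown in this hunk. The test method starts outside the hunk.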