tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

FIX Confirmation components to respect SS_BASE_URL (#9074)

Browse Source
This commit is contained in:
Serge Latyntsev 2019-07-05 16:05:41 +12:00 committed by Aaron Carlino
parent d0b4f61310
commit 7ef13e7ef6
5 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/Control/Middleware/ConfirmationMiddleware.php
View File

@ -33,6 +33,7 @@ class ConfirmationMiddleware implements HTTPMiddleware
/** /**
* Confirmation form URL * Confirmation form URL
* WARNING: excluding SS_BASE_URL
* *
* @var string * @var string
*/ */
@ -81,8 +82,15 @@ class ConfirmationMiddleware implements HTTPMiddleware
*/ */
protected function getConfirmationUrl(HTTPRequest $request, $confirmationStorageId) protected function getConfirmationUrl(HTTPRequest $request, $confirmationStorageId)
{ {
$url = $this->confirmationFormUrl;
if (substr($url, 0, 1) === '/') {
// add BASE_URL explicitly if not absolute
$url = Controller::join_links(Director::baseURL(), $url);
}
return Controller::join_links( return Controller::join_links(
$this->confirmationFormUrl, $url,
urlencode($confirmationStorageId) urlencode($confirmationStorageId)
); );
} }

9
src/Control/Middleware/URLSpecialsMiddleware.php
View File

@ -2,6 +2,8 @@
namespace SilverStripe\Control\Middleware; namespace SilverStripe\Control\Middleware;
use SilverStripe\Control\Controller;
use SilverStripe\Control\Director;
use SilverStripe\Control\Middleware\URLSpecialsMiddleware\FlushScheduler; use SilverStripe\Control\Middleware\URLSpecialsMiddleware\FlushScheduler;
use SilverStripe\Control\Middleware\URLSpecialsMiddleware\SessionEnvTypeSwitcher; use SilverStripe\Control\Middleware\URLSpecialsMiddleware\SessionEnvTypeSwitcher;
use SilverStripe\Control\HTTPRequest; use SilverStripe\Control\HTTPRequest;
@ -63,7 +65,12 @@ class URLSpecialsMiddleware extends PermissionAwareConfirmationMiddleware
$request['urlspecialstoken'] = bin2hex(random_bytes(4)); $request['urlspecialstoken'] = bin2hex(random_bytes(4));
$result = new HTTPResponse(); $result = new HTTPResponse();
$result->redirect('/' . $request->getURL(true)); $result->redirect(
Controller::join_links(
Director::baseURL(),
$request->getURL(true)
)
);
return $result; return $result;
} }
} }

5
src/Security/Confirmation/Storage.php
View File

@ -2,7 +2,9 @@
namespace SilverStripe\Security\Confirmation; namespace SilverStripe\Security\Confirmation;
use SilverStripe\Control\Controller;
use SilverStripe\Control\Cookie; use SilverStripe\Control\Cookie;
use SilverStripe\Control\Director;
use SilverStripe\Control\HTTPRequest; use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session; use SilverStripe\Control\Session;
use SilverStripe\Security\SecurityToken; use SilverStripe\Security\SecurityToken;
@ -236,7 +238,8 @@ class Storage
*/ */
public function setSuccessRequest(HTTPRequest $request) public function setSuccessRequest(HTTPRequest $request)
{ {
$this->setSuccessUrl($request->getURL(true)); $url = Controller::join_links(Director::baseURL(), $request->getURL(true));
$this->setSuccessUrl($url);
$httpMethod = $request->httpMethod(); $httpMethod = $request->httpMethod();
$this->session->set($this->getNamespace('httpMethod'), $httpMethod); $this->session->set($this->getNamespace('httpMethod'), $httpMethod);

3
tests/php/Control/Middleware/ConfirmationMiddlewareTest.php
View File

@ -2,6 +2,7 @@
namespace SilverStripe\Control\Tests\Middleware; namespace SilverStripe\Control\Tests\Middleware;
use SilverStripe\Control\Director;
use SilverStripe\Control\HTTPResponse; use SilverStripe\Control\HTTPResponse;
use SilverStripe\Control\Middleware\ConfirmationMiddleware; use SilverStripe\Control\Middleware\ConfirmationMiddleware;
use SilverStripe\Control\Middleware\ConfirmationMiddleware\Url; use SilverStripe\Control\Middleware\ConfirmationMiddleware\Url;
@ -67,7 +68,7 @@ class ConfirmationMiddlewareTest extends SapphireTest
$this->assertFalse($next); $this->assertFalse($next);
$this->assertInstanceOf(HTTPResponse::class, $response); $this->assertInstanceOf(HTTPResponse::class, $response);
$this->assertEquals(302, $response->getStatusCode()); $this->assertEquals(302, $response->getStatusCode());
$this->assertEquals('/dev/confirm/middleware', $response->getHeader('location')); $this->assertEquals(Director::baseURL().'dev/confirm/middleware', $response->getHeader('location'));
// Test bypasses have more priority than rules // Test bypasses have more priority than rules
$middleware->setBypasses([new Url('dev/build')]); $middleware->setBypasses([new Url('dev/build')]);

2
tests/php/Security/Confirmation/StorageTest.php
View File

@ -69,7 +69,7 @@ class StorageTest extends SapphireTest
// ensure the data is persisted within the session // ensure the data is persisted within the session
$storage = new Storage($session, 'test', false); $storage = new Storage($session, 'test', false);
$this->assertEquals('dev/build?flush=all', $storage->getSuccessUrl()); $this->assertEquals('/dev/build?flush=all', $storage->getSuccessUrl());
$this->assertEquals('GET', $storage->getHttpMethod()); $this->assertEquals('GET', $storage->getHttpMethod());
} }