mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
FIX: Redirect loop with multiple confirmation tokens present (fixes #8607)
This commit is contained in:
parent
a843e136e8
commit
b5bae137bd
@ -139,9 +139,10 @@ class ConfirmationTokenChain
|
|||||||
*/
|
*/
|
||||||
public function getRedirectUrlParams()
|
public function getRedirectUrlParams()
|
||||||
{
|
{
|
||||||
$params = [];
|
$params = $_GET;
|
||||||
|
unset($params['url']); // CLIRequestBuilder may add this
|
||||||
foreach ($this->filteredTokens() as $token) {
|
foreach ($this->filteredTokens() as $token) {
|
||||||
$params = array_merge($params, $token->getRedirectUrlParams());
|
$params = array_merge($params, $token->params());
|
||||||
}
|
}
|
||||||
|
|
||||||
return $params;
|
return $params;
|
||||||
|
@ -167,19 +167,21 @@ class ConfirmationTokenChainTest extends SapphireTest
|
|||||||
|
|
||||||
public function testGetRedirectUrlParams()
|
public function testGetRedirectUrlParams()
|
||||||
{
|
{
|
||||||
$mockToken = $this->getTokenRequiringReload(true, ['getRedirectUrlParams']);
|
$mockToken = $this->getTokenRequiringReload(true, ['params']);
|
||||||
$mockToken->expects($this->once())
|
$mockToken->expects($this->once())
|
||||||
->method('getRedirectUrlParams')
|
->method('params')
|
||||||
->will($this->returnValue(['mockTokenParam' => '1']));
|
->will($this->returnValue(['mockTokenParam' => '1']));
|
||||||
|
|
||||||
$secondMockToken = $this->getTokenRequiringReload(true, ['getRedirectUrlParams']);
|
$secondMockToken = $this->getTokenRequiringReload(true, ['params']);
|
||||||
$secondMockToken->expects($this->once())
|
$secondMockToken->expects($this->once())
|
||||||
->method('getRedirectUrlParams')
|
->method('params')
|
||||||
->will($this->returnValue(['secondMockTokenParam' => '2']));
|
->will($this->returnValue(['secondMockTokenParam' => '2']));
|
||||||
|
|
||||||
$chain = new ConfirmationTokenChain();
|
$chain = new ConfirmationTokenChain();
|
||||||
$chain->pushToken($mockToken);
|
$chain->pushToken($mockToken);
|
||||||
$chain->pushToken($secondMockToken);
|
$chain->pushToken($secondMockToken);
|
||||||
$this->assertEquals(['mockTokenParam' => '1', 'secondMockTokenParam' => '2'], $chain->getRedirectUrlParams());
|
$params = $chain->getRedirectUrlParams();
|
||||||
|
$this->assertEquals('1', $params['mockTokenParam']);
|
||||||
|
$this->assertEquals('2', $params['secondMockTokenParam']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -49,7 +49,7 @@ class ErrorControlChainMiddlewareTest extends SapphireTest
|
|||||||
|
|
||||||
$this->assertInstanceOf(HTTPResponse::class, $result);
|
$this->assertInstanceOf(HTTPResponse::class, $result);
|
||||||
$location = $result->getHeader('Location');
|
$location = $result->getHeader('Location');
|
||||||
$this->assertContains('?flush=1&flushtoken=', $location);
|
$this->assertContains('flush=1&flushtoken=', $location);
|
||||||
$this->assertNotContains('Security/login', $location);
|
$this->assertNotContains('Security/login', $location);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -96,7 +96,7 @@ class ErrorControlChainMiddlewareTest extends SapphireTest
|
|||||||
$this->assertInstanceOf(HTTPResponse::class, $result);
|
$this->assertInstanceOf(HTTPResponse::class, $result);
|
||||||
$location = $result->getHeader('Location');
|
$location = $result->getHeader('Location');
|
||||||
$this->assertContains('/dev/build', $location);
|
$this->assertContains('/dev/build', $location);
|
||||||
$this->assertContains('?devbuildtoken=', $location);
|
$this->assertContains('devbuildtoken=', $location);
|
||||||
$this->assertNotContains('Security/login', $location);
|
$this->assertNotContains('Security/login', $location);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user