tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-17 10:11:38 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #8610 from kinglozzer/urltoken-redirect-loop

Browse Source 
FIX: Redirect loop with multiple confirmation tokens present (fixes #8607)
This commit is contained in:
Robbie Averill 2018-11-15 13:38:21 +02:00 committed by GitHub
commit c181a17790
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Core/Startup/ConfirmationTokenChain.php
View File

@ -139,9 +139,10 @@ class ConfirmationTokenChain
*/
public function getRedirectUrlParams()
{
$params = [];
$params = $_GET;
unset($params['url']); // CLIRequestBuilder may add this
foreach ($this->filteredTokens() as $token) {
$params = array_merge($params, $token->getRedirectUrlParams());
$params = array_merge($params, $token->params());
}
return $params;

12
tests/php/Core/Startup/ConfirmationTokenChainTest.php
View File

@ -167,19 +167,21 @@ class ConfirmationTokenChainTest extends SapphireTest
public function testGetRedirectUrlParams()
{
$mockToken = $this->getTokenRequiringReload(true, ['getRedirectUrlParams']);
$mockToken = $this->getTokenRequiringReload(true, ['params']);
$mockToken->expects($this->once())
->method('getRedirectUrlParams')
->method('params')
->will($this->returnValue(['mockTokenParam' => '1']));
$secondMockToken = $this->getTokenRequiringReload(true, ['getRedirectUrlParams']);
$secondMockToken = $this->getTokenRequiringReload(true, ['params']);
$secondMockToken->expects($this->once())
->method('getRedirectUrlParams')
->method('params')
->will($this->returnValue(['secondMockTokenParam' => '2']));
$chain = new ConfirmationTokenChain();
$chain->pushToken($mockToken);
$chain->pushToken($secondMockToken);
$this->assertEquals(['mockTokenParam' => '1', 'secondMockTokenParam' => '2'], $chain->getRedirectUrlParams());
$params = $chain->getRedirectUrlParams();
$this->assertEquals('1', $params['mockTokenParam']);
$this->assertEquals('2', $params['secondMockTokenParam']);
}
}

4
tests/php/Core/Startup/ErrorControlChainMiddlewareTest.php
View File

@ -49,7 +49,7 @@ class ErrorControlChainMiddlewareTest extends SapphireTest
$this->assertInstanceOf(HTTPResponse::class, $result);
$location = $result->getHeader('Location');
$this->assertContains('?flush=1&flushtoken=', $location);
$this->assertContains('flush=1&flushtoken=', $location);
$this->assertNotContains('Security/login', $location);
}
@ -96,7 +96,7 @@ class ErrorControlChainMiddlewareTest extends SapphireTest
$this->assertInstanceOf(HTTPResponse::class, $result);
$location = $result->getHeader('Location');
$this->assertContains('/dev/build', $location);
$this->assertContains('?devbuildtoken=', $location);
$this->assertContains('devbuildtoken=', $location);
$this->assertNotContains('Security/login', $location);
}