tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-26 14:39:25 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #8610 from kinglozzer/urltoken-redirect-loop

Browse Source 
FIX: Redirect loop with multiple confirmation tokens present (fixes #8607)
This commit is contained in:
Robbie Averill 2018-11-15 13:38:21 +02:00 committed by GitHub
commit c181a17790
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Core/Startup/ConfirmationTokenChain.php
View File

@ -139,9 +139,10 @@ class ConfirmationTokenChain
*/ */
public function getRedirectUrlParams() public function getRedirectUrlParams()
{ {
$params = []; $params = $_GET;
unset($params['url']); // CLIRequestBuilder may add this
foreach ($this->filteredTokens() as $token) { foreach ($this->filteredTokens() as $token) {
$params = array_merge($params, $token->getRedirectUrlParams()); $params = array_merge($params, $token->params());
} }
return $params; return $params;

12
tests/php/Core/Startup/ConfirmationTokenChainTest.php
View File

@ -167,19 +167,21 @@ class ConfirmationTokenChainTest extends SapphireTest
public function testGetRedirectUrlParams() public function testGetRedirectUrlParams()
{ {
$mockToken = $this->getTokenRequiringReload(true, ['getRedirectUrlParams']); $mockToken = $this->getTokenRequiringReload(true, ['params']);
$mockToken->expects($this->once()) $mockToken->expects($this->once())
->method('getRedirectUrlParams') ->method('params')
->will($this->returnValue(['mockTokenParam' => '1'])); ->will($this->returnValue(['mockTokenParam' => '1']));
$secondMockToken = $this->getTokenRequiringReload(true, ['getRedirectUrlParams']); $secondMockToken = $this->getTokenRequiringReload(true, ['params']);
$secondMockToken->expects($this->once()) $secondMockToken->expects($this->once())
->method('getRedirectUrlParams') ->method('params')
->will($this->returnValue(['secondMockTokenParam' => '2'])); ->will($this->returnValue(['secondMockTokenParam' => '2']));
$chain = new ConfirmationTokenChain(); $chain = new ConfirmationTokenChain();
$chain->pushToken($mockToken); $chain->pushToken($mockToken);
$chain->pushToken($secondMockToken); $chain->pushToken($secondMockToken);
$this->assertEquals(['mockTokenParam' => '1', 'secondMockTokenParam' => '2'], $chain->getRedirectUrlParams()); $params = $chain->getRedirectUrlParams();
$this->assertEquals('1', $params['mockTokenParam']);
$this->assertEquals('2', $params['secondMockTokenParam']);
} }
} }

4
tests/php/Core/Startup/ErrorControlChainMiddlewareTest.php
View File

@ -49,7 +49,7 @@ class ErrorControlChainMiddlewareTest extends SapphireTest
$this->assertInstanceOf(HTTPResponse::class, $result); $this->assertInstanceOf(HTTPResponse::class, $result);
$location = $result->getHeader('Location'); $location = $result->getHeader('Location');
$this->assertContains('?flush=1&flushtoken=', $location); $this->assertContains('flush=1&flushtoken=', $location);
$this->assertNotContains('Security/login', $location); $this->assertNotContains('Security/login', $location);
} }
@ -96,7 +96,7 @@ class ErrorControlChainMiddlewareTest extends SapphireTest
$this->assertInstanceOf(HTTPResponse::class, $result); $this->assertInstanceOf(HTTPResponse::class, $result);
$location = $result->getHeader('Location'); $location = $result->getHeader('Location');
$this->assertContains('/dev/build', $location); $this->assertContains('/dev/build', $location);
$this->assertContains('?devbuildtoken=', $location); $this->assertContains('devbuildtoken=', $location);
$this->assertNotContains('Security/login', $location); $this->assertNotContains('Security/login', $location);
} }