Merge pull request #11504 from chinpei215/2.x-fix-non-local-referer

[2.x] Fix CakeRequest::referer(true) returning scheme-relative URLs
Mark Story 2017-12-04 19:22:10 -05:00 committed by GitHub
commit 13011f3ecd
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 4 deletions


@ -1688,9 +1688,6 @@ class Model extends CakeObject implements CakeEventListener {
* Saves the value of a single field to the database, based on the current
* model ID.
*
* @deprecated 3.0.0 To ease migration to the new major, do not use this method anymore.
* Stateful model usage will be removed. Use the existing save() methods instead.
*
* @param string $name Name of the table field
* @param mixed $value Value of the field
* @param bool|array $validate Either a boolean, or an array.
@ -1698,6 +1695,8 @@ class Model extends CakeObject implements CakeEventListener {
* If an array, allows control of 'validate', 'callbacks' and 'counterCache' options.
* See Model::save() for details of each options.
* @return bool|array See Model::save() False on failure or an array of model data on success.
* @deprecated 3.0.0 To ease migration to the new major, do not use this method anymore.
* Stateful model usage will be removed. Use the existing save() methods instead.
* @see Model::save()
* @link https://book.cakephp.org/2.0/en/models/saving-your-data.html#model-savefield-string-fieldname-string-fieldvalue-validate-false
*/


@ -439,7 +439,7 @@ class CakeRequest implements ArrayAccess {
if (!empty($ref) && !empty($base)) {
if ($local && strpos($ref, $base) === 0) {
$ref = substr($ref, strlen($base));
if (empty($ref)) {
if (!strlen($ref) || strpos($ref, '//') === 0) {
$ref = '/';
}
if ($ref[0] !== '/') {
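Review bot: The new guard `strpos($ref, '//') === 0` rejects only a remainder that starts with two forward slashes, so a remainder starting with a backslash passes it and then gets a `/` prepended by the following `if ($ref[0] !== '/')`, leaving `referer(true)` to return a value beginning with `/\`. Browsers normalise `\` to `/` in http(s) URLs, so that value is still resolved as scheme-relative if it ends up in a redirect target or a link; whether callers use it that way is not visible in this hunk. Running the check on the final value, after the prepend, and treating both separators alike would close the gap, e.g. `if (preg_match('#^/[/\\\\]#', $ref)) { $ref = '/'; }`, with a matching test case next to the `'///cakephp.org/'` one. The body of `referer()` starts and ends outside the hunk, so the prepend branch and the return path should be confirmed against the full method.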


@ -739,6 +739,9 @@ class CakeRequestTest extends CakeTestCase {
$result = $request->referer();
$this->assertSame($result, 'https://cakephp.org');
$result = $request->referer(true);
$this->assertSame('/', $result);
$_SERVER['HTTP_REFERER'] = '';
$result = $request->referer();
$this->assertSame($result, '/');
@ -751,6 +754,18 @@ class CakeRequestTest extends CakeTestCase {
$result = $request->referer(true);
$this->assertSame($result, '/some/path');
$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '///cakephp.org/';
$result = $request->referer(true);
$this->assertSame('/', $result); // Avoid returning scheme-relative URLs.
$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/0';
$result = $request->referer(true);
$this->assertSame('/0', $result);
$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/';
$result = $request->referer(true);
$this->assertSame('/', $result);
$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/some/path';
$result = $request->referer(false);
$this->assertSame($result, Configure::read('App.fullBaseUrl') . '/some/path');