diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
index 112e1d1ee..fcf791d36 100644
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@@ -651,8 +651,8 @@ class AuthComponent extends Component {
 * If no parameter is passed, gets the authentication redirect URL. The URL
 * returned is as per following rules:
 *
- * - Returns the session Auth.redirect value if it is present and for the same
- * domain the current app is running on.
+ * - Returns the normalized URL from session Auth.redirect value if it is
+ * present and for the same domain the current app is running on.
 * - If there is no session value and there is a $loginRedirect, the $loginRedirect
 * value is returned.
 * - If there is no session and no $loginRedirect, / is returned.
@@ -666,6 +666,7 @@ class AuthComponent extends Component {
 $this->Session->write('Auth.redirect', $redir);
 } elseif ($this->Session->check('Auth.redirect')) {
 $redir = $this->Session->read('Auth.redirect');
+ $redir = is_string($redir) ? ltrim($redir, '/') : $redir;
 $this->Session->delete('Auth.redirect');
 if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
index 75f5eed8b..4855928f5 100644
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
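Review bot: The added `ltrim($redir, '/')` line in the second hunk rewrites the stored redirect target without saying why, and it does so before the loginAction comparison that follows. Because every leading `/` is removed, a stored `/` becomes an empty string and a value beginning with `//` loses its protocol-relative form, while any other leading character is left untouched, so this line should not be read as the off-site redirect check. I would put a comment above it, for example `// Strip leading slashes so Router::normalize() resolves the value as an app-relative path; this is not the same-domain check.`, and confirm that the same-domain rule named in the docblock still runs on the trimmed value. redirectUrl() begins and ends outside the hunk, so that check is not visible here.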
@@ -1235,6 +1235,23 @@ class AuthComponentTest extends CakeTestCase {
 $this->assertFalse($this->Auth->Session->check('Auth.redirect'));
 }
+/**
+ * test redirectUrl with duplicate base.
+ *
+ * @return void
+ */
+ public function testRedirectSessionReadDuplicateBase() {
+ $this->Auth->request->webroot = '/waves/';
+ $this->Auth->request->base = '/waves';
+
+ Router::setRequestInfo($this->Auth->request);
+
+ $this->Auth->Session->write('Auth.redirect', '/waves/add');
+
+ $result = $this->Auth->redirectUrl();
+ $this->assertEquals('/waves/add', $result);
+ }
+
 /**
 * test that redirect does not return loginAction if that is what's stored in Auth.redirect.
 * instead loginRedirect should be used.
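Review bot: The new test pins only the single-slash value `/waves/add`, so the other inputs accepted by the `is_string(...) ? ltrim(...)` line are uncovered. A value with several leading slashes trims to the same string and should therefore give the same result; adding `$this->Auth->Session->write('Auth.redirect', '//waves/add');` followed by `$this->assertEquals('/waves/add', $this->Auth->redirectUrl());` would lock that in. A case that stores an array in Auth.redirect would cover the non-string branch, and `assertSame` would be the stricter comparison for the string results.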