From 1d18a4f702e75daba10e5003c1c8661b6c8e410c Mon Sep 17 00:00:00 2001
From: mark_story <mark@mark-story.com>
Date: Sat, 29 Jun 2013 23:24:26 -0400
Subject: [PATCH] Fix issue where redirectURLs were not generated correctly.

When the first path segment matches the base path an incorrect URL was
generated. Trimming slashes off makes Router normalize the URL correctly
as the leading / implies that the base is already prepended.

Fixes #3897
---
 lib/Cake/Controller/Component/AuthComponent.php |  5 +++--
 .../Controller/Component/AuthComponentTest.php  | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
index 112e1d1ee..fcf791d36 100644
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@@ -651,8 +651,8 @@ class AuthComponent extends Component {
  * If no parameter is passed, gets the authentication redirect URL. The URL
  * returned is as per following rules:
  *
- *  - Returns the session Auth.redirect value if it is present and for the same
- *    domain the current app is running on.
+ *  - Returns the normalized URL from session Auth.redirect value if it is
+ *    present and for the same domain the current app is running on.
  *  - If there is no session value and there is a $loginRedirect, the $loginRedirect
  *    value is returned.
  *  - If there is no session and no $loginRedirect, / is returned.
@@ -666,6 +666,7 @@ class AuthComponent extends Component {
 			$this->Session->write('Auth.redirect', $redir);
 		} elseif ($this->Session->check('Auth.redirect')) {
 			$redir = $this->Session->read('Auth.redirect');
+			$redir = is_string($redir) ? ltrim($redir, '/') : $redir;
 			$this->Session->delete('Auth.redirect');
 
 			if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
index 75f5eed8b..4855928f5 100644
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -1235,6 +1235,23 @@ class AuthComponentTest extends CakeTestCase {
 		$this->assertFalse($this->Auth->Session->check('Auth.redirect'));
 	}
 
+/**
+ * test redirectUrl with duplicate base.
+ *
+ * @return void
+ */
+	public function testRedirectSessionReadDuplicateBase() {
+		$this->Auth->request->webroot = '/waves/';
+		$this->Auth->request->base = '/waves';
+
+		Router::setRequestInfo($this->Auth->request);
+
+		$this->Auth->Session->write('Auth.redirect', '/waves/add');
+
+		$result = $this->Auth->redirectUrl();
+		$this->assertEquals('/waves/add', $result);
+	}
+
 /**
  * test that redirect does not return loginAction if that is what's stored in Auth.redirect.
  * instead loginRedirect should be used.