Fix incorrect URL generation

When a fullBaseURL is being used we should check for the exact base
string being a prefix and not just the string length as it could be full
of garbage.

Fixes #15163
This commit is contained in:
Mark Story 2020-11-19 22:47:52 -05:00
parent b07bba4d4f
commit 63d708118a
2 changed files with 10 additions and 2 deletions

View file

@ -256,7 +256,10 @@ class CakeRequest implements ArrayAccess {
if ($qPosition !== false && strpos($_SERVER['REQUEST_URI'], '://') > $qPosition) { if ($qPosition !== false && strpos($_SERVER['REQUEST_URI'], '://') > $qPosition) {
$uri = $_SERVER['REQUEST_URI']; $uri = $_SERVER['REQUEST_URI'];
} else { } else {
$uri = substr($_SERVER['REQUEST_URI'], strlen(Configure::read('App.fullBaseUrl'))); $baseUrl = Configure::read('App.fullBaseUrl');
if (substr($_SERVER['REQUEST_URI'], 0, strlen($baseUrl)) === $baseUrl) {
$uri = substr($_SERVER['REQUEST_URI'], strlen($baseUrl));
}
} }
} elseif (isset($_SERVER['PHP_SELF']) && isset($_SERVER['SCRIPT_NAME'])) { } elseif (isset($_SERVER['PHP_SELF']) && isset($_SERVER['SCRIPT_NAME'])) {
$uri = str_replace($_SERVER['SCRIPT_NAME'], '', $_SERVER['PHP_SELF']); $uri = str_replace($_SERVER['SCRIPT_NAME'], '', $_SERVER['PHP_SELF']);

View file

@ -215,9 +215,14 @@ class CakeRequestTest extends CakeTestCase {
$request = new CakeRequest(); $request = new CakeRequest();
$this->assertEquals('some/path', $request->url); $this->assertEquals('some/path', $request->url);
$_SERVER['REQUEST_URI'] = Configure::read('App.fullBaseUrl') . '/other/path?url=https://cakephp.org'; $base = Configure::read('App.fullBaseUrl');
$_SERVER['REQUEST_URI'] = $base . '/other/path?url=https://cakephp.org';
$request = new CakeRequest(); $request = new CakeRequest();
$this->assertEquals('other/path', $request->url); $this->assertEquals('other/path', $request->url);
$_SERVER['REQUEST_URI'] = str_repeat('x', strlen($base) - 4) . '://?/other/path';
$request = new CakeRequest();
$this->assertEquals('', $request->url);
} }
/** /**