Fix CakeRequest::referer(true) returning scheme-relative URLs

Backport of #11503 (and #8795)
2024-11-15 03:18:26 +00:00 · 2017-12-04 21:18:27 +09:00 · 2017-12-04 21:18:27 +09:00 · 9f65402d2c
commit 9f65402d2c
parent 7fbeea4fa8
2 changed files with 16 additions and 1 deletions
--- a/lib/Cake/Network/CakeRequest.php
+++ b/lib/Cake/Network/CakeRequest.php
@ -439,7 +439,7 @@ class CakeRequest implements ArrayAccess {
 		if (!empty($ref) && !empty($base)) {
 			if ($local && strpos($ref, $base) === 0) {
 				$ref = substr($ref, strlen($base));
-				if (empty($ref)) {
+				if (!strlen($ref) || strpos($ref, '//') === 0) {
 					$ref = '/';
 				}
 				if ($ref[0] !== '/') {
--- a/lib/Cake/Test/Case/Network/CakeRequestTest.php
+++ b/lib/Cake/Test/Case/Network/CakeRequestTest.php
@ -739,6 +739,9 @@ class CakeRequestTest extends CakeTestCase {
 		$result = $request->referer();
 		$this->assertSame($result, 'https://cakephp.org');

+		$result = $request->referer(true);
+		$this->assertSame('/', $result);
+
 		$_SERVER['HTTP_REFERER'] = '';
 		$result = $request->referer();
 		$this->assertSame($result, '/');
@ -751,6 +754,18 @@ class CakeRequestTest extends CakeTestCase {
 		$result = $request->referer(true);
 		$this->assertSame($result, '/some/path');

+		$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '///cakephp.org/';
+		$result = $request->referer(true);
+		$this->assertSame('/', $result); // Avoid returning scheme-relative URLs.
+
+		$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/0';
+		$result = $request->referer(true);
+		$this->assertSame('/0', $result);
+
+		$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/';
+		$result = $request->referer(true);
+		$this->assertSame('/', $result);
+
 		$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/some/path';
 		$result = $request->referer(false);
 		$this->assertSame($result, Configure::read('App.fullBaseUrl') . '/some/path');