From 9f65402d2cb64344fe14dbe9ec9ea62b132ec871 Mon Sep 17 00:00:00 2001
From: chinpei215
Date: Mon, 4 Dec 2017 21:18:27 +0900
Subject: [PATCH] Fix CakeRequest::referer(true) returning scheme-relative URLs

Backport of #11503 (and #8795)
---
 lib/Cake/Network/CakeRequest.php | 2 +-
 lib/Cake/Test/Case/Network/CakeRequestTest.php | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/Cake/Network/CakeRequest.php b/lib/Cake/Network/CakeRequest.php
index 20589cb34..228e46e2e 100644
--- a/lib/Cake/Network/CakeRequest.php
+++ b/lib/Cake/Network/CakeRequest.php
@@ -439,7 +439,7 @@ class CakeRequest implements ArrayAccess {
  if (!empty($ref) && !empty($base)) {
  if ($local && strpos($ref, $base) === 0) {
  $ref = substr($ref, strlen($base));
- if (empty($ref)) {
+ if (!strlen($ref) || strpos($ref, '//') === 0) {
  $ref = '/';
  }
  if ($ref[0] !== '/') {
diff --git a/lib/Cake/Test/Case/Network/CakeRequestTest.php b/lib/Cake/Test/Case/Network/CakeRequestTest.php
index 2ae40c980..abdb79be8 100644
--- a/lib/Cake/Test/Case/Network/CakeRequestTest.php
+++ b/lib/Cake/Test/Case/Network/CakeRequestTest.php
@@ -739,6 +739,9 @@ class CakeRequestTest extends CakeTestCase {
  $result = $request->referer();
  $this->assertSame($result, 'https://cakephp.org');
 
+ $result = $request->referer(true);
+ $this->assertSame('/', $result);
+
  $_SERVER['HTTP_REFERER'] = '';
  $result = $request->referer();
  $this->assertSame($result, '/');
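Review bot: The new guard on the `+` line only rejects a leading `//`, but browsers parse a backslash in a special-scheme URL as a slash, so a referer of `App.fullBaseUrl . '/\evil.com'` is returned unchanged and, once echoed into a Location header, resolves to `http://evil.com`; the same applies to `\\evil.com`, which the following `$ref[0] !== '/'` branch presumably turns into `/\\evil.com`. Normalise before checking by adding `$ref = str_replace('\\', '/', $ref);` right after the `substr()` line, so the existing `strpos($ref, '//') === 0` test covers both spellings. Less urgently, `strpos($ref, $base) === 0` also accepts `http://localhost.evil.com/x` for a base of `http://localhost`, though that appears to end up as a local path rather than a redirect target, so it is not a bypass on its own. The body of the `$ref[0] !== '/'` branch and the rest of `referer()` continue outside the hunk.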
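Review bot: The added `$this->assertSame('/', $result);` passes the expected value first, while the surrounding assertions in this method pass `$result` first (`assertSame($result, '/')`), so failure messages within one test will label expected/actual inconsistently. The new lines follow PHPUnit's (expected, actual) convention; flipping the neighbouring existing assertions in a follow-up would be cleaner than mixing both orders. The test method continues outside the hunk.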
@@ -751,6 +754,18 @@ class CakeRequestTest extends CakeTestCase {
  $result = $request->referer(true);
  $this->assertSame($result, '/some/path');
 
+ $_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '///cakephp.org/';
+ $result = $request->referer(true);
+ $this->assertSame('/', $result); // Avoid returning scheme-relative URLs.
+
+ $_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/0';
+ $result = $request->referer(true);
+ $this->assertSame('/0', $result);
+
+ $_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/';
+ $result = $request->referer(true);
+ $this->assertSame('/', $result);
+
  $_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/some/path';
  $result = $request->referer(false);
  $this->assertSame($result, Configure::read('App.fullBaseUrl') . '/some/path');
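Review bot: The new scheme-relative case covers only forward slashes; a referer built with a backslash, `Configure::read('App.fullBaseUrl') . '/\\evil.com'`, is parsed by browsers as `//evil.com` yet is not caught by a `//` prefix check, so it deserves its own case next to the `///cakephp.org/` one: `$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/\\evil.com'; $result = $request->referer(true); $this->assertSame('/', $result);`. Expect that case to fail until `referer()` normalises or rejects backslashes. The `/0` case is a good regression guard for the old `empty()` check and should stay. The test method continues outside the hunk.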