Ensuring that the auth component never redirects to an external link.
Tests updated to match code changes and tests added for external referer examples git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7874 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
parent
f06401c563
commit
b43128c809
2 changed files with 27 additions and 3 deletions
|
@ -309,7 +309,7 @@ class AuthComponent extends Object {
|
||||||
if ($loginAction == $url) {
|
if ($loginAction == $url) {
|
||||||
if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
|
if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
|
||||||
if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
|
if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
|
||||||
$this->Session->write('Auth.redirect', $controller->referer());
|
$this->Session->write('Auth.redirect', $controller->referer(null, true));
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
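Review bot: The changed `Session->write` line passes `true` as the second argument of `referer()` without saying why, and the intent is easy to lose on a later edit; a comment such as `// local-only: a client-controlled Referer header must never become the post-login redirect target` on that line would carry it. The guard only covers the branch shown here, where the current request is the login action; if `Auth.redirect` is populated on other paths outside this hunk, those paths and the place where the stored value is consumed need the same local-only treatment. How much this buys also depends on how `Controller::referer()` decides what is local — if that is a leading-slash test, scheme-relative values of the form `//host/path` would pass it, so it is worth confirming the helper rejects them. The enclosing method begins and ends outside the hunk.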
@ -717,7 +717,7 @@ class AuthTest extends CakeTestCase {
|
||||||
|
|
||||||
|
|
||||||
$this->Controller->Session->del('Auth');
|
$this->Controller->Session->del('Auth');
|
||||||
$_SERVER['HTTP_REFERER'] = '/admin/';
|
$_SERVER['HTTP_REFERER'] = Router::url('/admin/', true);
|
||||||
|
|
||||||
$this->Controller->Session->write('Auth', array(
|
$this->Controller->Session->write('Auth', array(
|
||||||
'AuthUser' => array('id'=>'1', 'username'=>'nate'))
|
'AuthUser' => array('id'=>'1', 'username'=>'nate'))
|
||||||
|
@ -728,7 +728,7 @@ class AuthTest extends CakeTestCase {
|
||||||
$this->Controller->Auth->userModel = 'AuthUser';
|
$this->Controller->Auth->userModel = 'AuthUser';
|
||||||
$this->Controller->Auth->loginRedirect = false;
|
$this->Controller->Auth->loginRedirect = false;
|
||||||
$this->Controller->Auth->startup($this->Controller);
|
$this->Controller->Auth->startup($this->Controller);
|
||||||
$expected = Router::normalize('admin');
|
$expected = Router::normalize('/admin');
|
||||||
$this->assertEqual($expected, $this->Controller->Auth->redirect());
|
$this->assertEqual($expected, $this->Controller->Auth->redirect());
|
||||||
|
|
||||||
//Ticket #4750
|
//Ticket #4750
|
||||||
|
@ -754,6 +754,30 @@ class AuthTest extends CakeTestCase {
|
||||||
$expected = Router::normalize('posts/view/1');
|
$expected = Router::normalize('posts/view/1');
|
||||||
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
|
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
|
||||||
|
|
||||||
|
//external authed action
|
||||||
|
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
|
||||||
|
$this->Controller->Session->del('Auth');
|
||||||
|
$url = '/posts/edit/1';
|
||||||
|
$this->Controller->params = Router::parse($url);
|
||||||
|
$this->Controller->Auth->initialize($this->Controller);
|
||||||
|
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
||||||
|
$this->Controller->Auth->userModel = 'AuthUser';
|
||||||
|
$this->Controller->Auth->startup($this->Controller);
|
||||||
|
$expected = Router::normalize('/posts/edit/1');
|
||||||
|
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
|
||||||
|
|
||||||
|
//external direct login link
|
||||||
|
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
|
||||||
|
$this->Controller->Session->del('Auth');
|
||||||
|
$url = '/AuthTest/login';
|
||||||
|
$this->Controller->params = Router::parse($url);
|
||||||
|
$this->Controller->Auth->initialize($this->Controller);
|
||||||
|
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
||||||
|
$this->Controller->Auth->userModel = 'AuthUser';
|
||||||
|
$this->Controller->Auth->startup($this->Controller);
|
||||||
|
$expected = Router::normalize('/');
|
||||||
|
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
|
||||||
|
|
||||||
$_SERVER['HTTP_REFERER'] = $backup;
|
$_SERVER['HTTP_REFERER'] = $backup;
|
||||||
$this->Controller->Session->del('Auth');
|
$this->Controller->Session->del('Auth');
|
||||||
}
|
}
|
||||||
|
|
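Review bot: The comments `//external authed action` and `//external direct login link` in the last hunk name the scenario but not the behaviour being asserted; `// external Referer on a protected action: the requested URL, not the Referer, is stored as Auth.redirect` and `// external Referer on the login action itself: falls back to '/' instead of the foreign URL` would make each expectation readable without re-deriving it from the component. The two new cases repeat the same setup lines and differ only in `$url` and the expected value, so a small private helper taking those two parameters would keep the variation visible. Both cases use the same absolute `http://` referer; a scheme-relative referer and one whose path merely starts like a local route would be worth adding, since those are the shapes a local-only check most often gets wrong. The test method containing these hunks begins outside the shown lines.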