mirror of
https://github.com/wallabag/wallabag.git
Make Redirect helper supports only absolute path reference URLs
parent
7ebc96f3b9
commit
9bef459882
@ -2,6 +2,7 @@
|
||||
|
||||
namespace Wallabag\CoreBundle\Helper;
|
||||
|
||||
use GuzzleHttp\Psr7\Uri;
|
||||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||
use Wallabag\CoreBundle\Entity\Config;
|
||||
@ -32,6 +33,14 @@ class Redirect
|
||||
$user = $this->tokenStorage->getToken() ? $this->tokenStorage->getToken()->getUser() : null;
|
||||
|
||||
if (!$user instanceof User) {
|
||||
if (null === $url) {
|
||||
return $this->router->generate('homepage');
|
||||
}
|
||||
|
||||
if (!Uri::isAbsolutePathReference(new Uri($url))) {
|
||||
return $this->router->generate('homepage');
|
||||
}
|
||||
|
||||
return $url;
|
||||
}
|
||||
|
||||
@ -40,10 +49,14 @@ class Redirect
|
||||
return $this->router->generate('homepage');
|
||||
}
|
||||
|
||||
if (null !== $url) {
|
||||
return $url;
|
||||
if (null === $url) {
|
||||
return $this->router->generate('homepage');
|
||||
}
|
||||
|
||||
return $this->router->generate('homepage');
|
||||
if (!Uri::isAbsolutePathReference(new Uri($url))) {
|
||||
return $this->router->generate('homepage');
|
||||
}
|
||||
|
||||
return $url;
|
||||
}
|
||||
}
|
||||
|
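Review bot: `new Uri($url)` in both added guards can throw when Guzzle cannot parse the string (an `\InvalidArgumentException` or a subclass of it), and nothing visible in these hunks catches it, so a malformed redirect target would surface as an error rather than fall back to the homepage. The guard also validates the parsed `Uri` but returns the raw `$url`. It would be safer to additionally reject values containing a backslash or control characters, since browsers may normalise those differently from the parser; this is worth pinning with a test. The same null/validation block now appears twice, in the unauthenticated branch and at the end of `to()`, and a small private helper would keep the two in sync. `to()` begins outside the hunks, so the sketch shows only the helper and the line each call site would use.

```php
        // … unchanged: user lookup and the configured-redirect branches of to() …
        return $this->isSafeLocalPath($url) ? $url : $this->router->generate('homepage');
    }

    /**
     * True only for a same-site target such as "/unread/list": no scheme, no host,
     * leading slash, and no characters a browser may rewrite before following it.
     */
    private function isSafeLocalPath($url): bool
    {
        if (null === $url || preg_match('/[\\\\\x00-\x1f\x7f]/', $url)) {
            return false;
        }

        try {
            return Uri::isAbsolutePathReference(new Uri($url));
        } catch (\InvalidArgumentException $e) {
            // Unparseable input is treated like any other rejected target.
            return false;
        }
    }
```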
@ -73,6 +73,13 @@ class RedirectTest extends TestCase
|
||||
$this->assertSame('/unread/list', $redirectUrl);
|
||||
}
|
||||
|
||||
public function testRedirectToAbsoluteUrl()
|
||||
{
|
||||
$redirectUrl = $this->redirect->to('https://www.google.com/');
|
||||
|
||||
$this->assertSame('/', $redirectUrl);
|
||||
}
|
||||
|
||||
public function testWithNotLoggedUser()
|
||||
{
|
||||
$redirect = new Redirect($this->routerMock, new TokenStorage());
|
||||
|
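Review bot: `testRedirectToAbsoluteUrl` exercises only a scheme-qualified URL for a logged-in user, so two things the commit introduces stay untested: the guard added to the `!$user instanceof User` branch, and a network-path reference (`//host/…`), which has no scheme but still names another host. Adding both cases would pin the behaviour the commit title promises. The expected `/` below assumes the router mock returns the same homepage path as in the added test. `testWithNotLoggedUser` continues past the end of the hunk, so the new methods are shown on their own.

```php
    public function testRedirectToNetworkPathReference()
    {
        $redirectUrl = $this->redirect->to('//www.google.com/');

        $this->assertSame('/', $redirectUrl);
    }

    public function testWithNotLoggedUserAndAbsoluteUrl()
    {
        $redirect = new Redirect($this->routerMock, new TokenStorage());
        $redirectUrl = $redirect->to('https://www.google.com/');

        $this->assertSame('/', $redirectUrl);
    }
```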