Make Redirect helper supports only absolute path reference URLs

This commit is contained in:
Yassine Guedidi 2023-12-28 21:26:10 +01:00
parent 7ebc96f3b9
commit 9bef459882
2 changed files with 23 additions and 3 deletions

View File

@ -2,6 +2,7 @@
namespace Wallabag\CoreBundle\Helper;
use GuzzleHttp\Psr7\Uri;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Wallabag\CoreBundle\Entity\Config;
@ -32,6 +33,14 @@ class Redirect
$user = $this->tokenStorage->getToken() ? $this->tokenStorage->getToken()->getUser() : null;
if (!$user instanceof User) {
if (null === $url) {
return $this->router->generate('homepage');
}
if (!Uri::isAbsolutePathReference(new Uri($url))) {
return $this->router->generate('homepage');
}
return $url;
}
@ -40,10 +49,14 @@ class Redirect
return $this->router->generate('homepage');
}
if (null !== $url) {
return $url;
if (null === $url) {
return $this->router->generate('homepage');
}
return $this->router->generate('homepage');
if (!Uri::isAbsolutePathReference(new Uri($url))) {
return $this->router->generate('homepage');
}
return $url;
}
}

View File

@ -73,6 +73,13 @@ class RedirectTest extends TestCase
$this->assertSame('/unread/list', $redirectUrl);
}
public function testRedirectToAbsoluteUrl()
{
$redirectUrl = $this->redirect->to('https://www.google.com/');
$this->assertSame('/', $redirectUrl);
}
public function testWithNotLoggedUser()
{
$redirect = new Redirect($this->routerMock, new TokenStorage());