aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/front/controller/visitor/ShaarliVisitorControllerTest.php
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2020-09-22 15:17:13 +0200
committerArthurHoaro <arthur@hoa.ro>2020-09-22 15:37:26 +0200
commitabe033be855f76fde9e8576ce36460fbb23b1e57 (patch)
treeeefc804a0cb8c0497a03c954667fd3e75598d0aa /tests/front/controller/visitor/ShaarliVisitorControllerTest.php
parent5baafe5001ef2fbe88d3fcdcc225ec12edd3fef1 (diff)
downloadShaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.tar.gz
Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.tar.zst
Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.zip
Fix invalid redirection using the path of an external domain
Fixes #1554
Diffstat (limited to 'tests/front/controller/visitor/ShaarliVisitorControllerTest.php')
-rw-r--r--tests/front/controller/visitor/ShaarliVisitorControllerTest.php45
1 files changed, 38 insertions, 7 deletions
diff --git a/tests/front/controller/visitor/ShaarliVisitorControllerTest.php b/tests/front/controller/visitor/ShaarliVisitorControllerTest.php
index 316ce49c..00188c02 100644
--- a/tests/front/controller/visitor/ShaarliVisitorControllerTest.php
+++ b/tests/front/controller/visitor/ShaarliVisitorControllerTest.php
@@ -110,7 +110,7 @@ class ShaarliVisitorControllerTest extends TestCase
110 */ 110 */
111 public function testRedirectFromRefererDefault(): void 111 public function testRedirectFromRefererDefault(): void
112 { 112 {
113 $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; 113 $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2';
114 114
115 $response = new Response(); 115 $response = new Response();
116 116
@@ -125,7 +125,7 @@ class ShaarliVisitorControllerTest extends TestCase
125 */ 125 */
126 public function testRedirectFromRefererWithUnmatchedLoopTerm(): void 126 public function testRedirectFromRefererWithUnmatchedLoopTerm(): void
127 { 127 {
128 $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; 128 $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2';
129 129
130 $response = new Response(); 130 $response = new Response();
131 131
@@ -140,7 +140,7 @@ class ShaarliVisitorControllerTest extends TestCase
140 */ 140 */
141 public function testRedirectFromRefererWithMatchingLoopTermInPath(): void 141 public function testRedirectFromRefererWithMatchingLoopTermInPath(): void
142 { 142 {
143 $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; 143 $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2';
144 144
145 $response = new Response(); 145 $response = new Response();
146 146
@@ -155,7 +155,7 @@ class ShaarliVisitorControllerTest extends TestCase
155 */ 155 */
156 public function testRedirectFromRefererWithMatchingLoopTermInQueryParam(): void 156 public function testRedirectFromRefererWithMatchingLoopTermInQueryParam(): void
157 { 157 {
158 $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; 158 $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2';
159 159
160 $response = new Response(); 160 $response = new Response();
161 161
@@ -171,7 +171,7 @@ class ShaarliVisitorControllerTest extends TestCase
171 */ 171 */
172 public function testRedirectFromRefererWithMatchingLoopTermInQueryValue(): void 172 public function testRedirectFromRefererWithMatchingLoopTermInQueryValue(): void
173 { 173 {
174 $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; 174 $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2';
175 175
176 $response = new Response(); 176 $response = new Response();
177 177
@@ -187,7 +187,7 @@ class ShaarliVisitorControllerTest extends TestCase
187 */ 187 */
188 public function testRedirectFromRefererWithLoopTermInDomain(): void 188 public function testRedirectFromRefererWithLoopTermInDomain(): void
189 { 189 {
190 $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; 190 $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2';
191 191
192 $response = new Response(); 192 $response = new Response();
193 193
@@ -203,7 +203,7 @@ class ShaarliVisitorControllerTest extends TestCase
203 */ 203 */
204 public function testRedirectFromRefererWithMatchingClearedParam(): void 204 public function testRedirectFromRefererWithMatchingClearedParam(): void
205 { 205 {
206 $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; 206 $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2';
207 207
208 $response = new Response(); 208 $response = new Response();
209 209
@@ -212,4 +212,35 @@ class ShaarliVisitorControllerTest extends TestCase
212 static::assertSame(302, $result->getStatusCode()); 212 static::assertSame(302, $result->getStatusCode());
213 static::assertSame(['/subfolder/controller?other=2'], $result->getHeader('location')); 213 static::assertSame(['/subfolder/controller?other=2'], $result->getHeader('location'));
214 } 214 }
215
216 /**
217 * Test redirectFromReferer() - From another domain -> we ignore the given referrer.
218 */
219 public function testRedirectExternalReferer(): void
220 {
221 $this->container->environment['HTTP_REFERER'] = 'http://other.domain.tld/controller?query=param&other=2';
222
223 $response = new Response();
224
225 $result = $this->controller->redirectFromReferer($this->request, $response, ['query'], ['query']);
226
227 static::assertSame(302, $result->getStatusCode());
228 static::assertSame(['/subfolder/'], $result->getHeader('location'));
229 }
230
231 /**
232 * Test redirectFromReferer() - From another domain -> we ignore the given referrer.
233 */
234 public function testRedirectExternalRefererExplicitDomainName(): void
235 {
236 $this->container->environment['SERVER_NAME'] = 'my.shaarli.tld';
237 $this->container->environment['HTTP_REFERER'] = 'http://your.shaarli.tld/controller?query=param&other=2';
238
239 $response = new Response();
240
241 $result = $this->controller->redirectFromReferer($this->request, $response, ['query'], ['query']);
242
243 static::assertSame(302, $result->getStatusCode());
244 static::assertSame(['/subfolder/'], $result->getHeader('location'));
245 }
215} 246}