diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2020-09-22 15:17:13 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2020-09-22 15:37:26 +0200 |
| commit | abe033be855f76fde9e8576ce36460fbb23b1e57 (patch) | |
| tree | eefc804a0cb8c0497a03c954667fd3e75598d0aa /tests/front/controller/visitor/ShaarliVisitorControllerTest.php | |
| parent | 5baafe5001ef2fbe88d3fcdcc225ec12edd3fef1 (diff) | |
| download | Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.tar.gz Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.tar.zst Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.zip | |
Fix invalid redirection using the path of an external domain
Fixes #1554
Diffstat (limited to 'tests/front/controller/visitor/ShaarliVisitorControllerTest.php')
| -rw-r--r-- | tests/front/controller/visitor/ShaarliVisitorControllerTest.php | 45 |
1 files changed, 38 insertions, 7 deletions
diff --git a/tests/front/controller/visitor/ShaarliVisitorControllerTest.php b/tests/front/controller/visitor/ShaarliVisitorControllerTest.php index 316ce49c..00188c02 100644 --- a/tests/front/controller/visitor/ShaarliVisitorControllerTest.php +++ b/tests/front/controller/visitor/ShaarliVisitorControllerTest.php | |||
| @@ -110,7 +110,7 @@ class ShaarliVisitorControllerTest extends TestCase | |||
| 110 | */ | 110 | */ |
| 111 | public function testRedirectFromRefererDefault(): void | 111 | public function testRedirectFromRefererDefault(): void |
| 112 | { | 112 | { |
| 113 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | 113 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2'; |
| 114 | 114 | ||
| 115 | $response = new Response(); | 115 | $response = new Response(); |
| 116 | 116 | ||
| @@ -125,7 +125,7 @@ class ShaarliVisitorControllerTest extends TestCase | |||
| 125 | */ | 125 | */ |
| 126 | public function testRedirectFromRefererWithUnmatchedLoopTerm(): void | 126 | public function testRedirectFromRefererWithUnmatchedLoopTerm(): void |
| 127 | { | 127 | { |
| 128 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | 128 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2'; |
| 129 | 129 | ||
| 130 | $response = new Response(); | 130 | $response = new Response(); |
| 131 | 131 | ||
| @@ -140,7 +140,7 @@ class ShaarliVisitorControllerTest extends TestCase | |||
| 140 | */ | 140 | */ |
| 141 | public function testRedirectFromRefererWithMatchingLoopTermInPath(): void | 141 | public function testRedirectFromRefererWithMatchingLoopTermInPath(): void |
| 142 | { | 142 | { |
| 143 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | 143 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2'; |
| 144 | 144 | ||
| 145 | $response = new Response(); | 145 | $response = new Response(); |
| 146 | 146 | ||
| @@ -155,7 +155,7 @@ class ShaarliVisitorControllerTest extends TestCase | |||
| 155 | */ | 155 | */ |
| 156 | public function testRedirectFromRefererWithMatchingLoopTermInQueryParam(): void | 156 | public function testRedirectFromRefererWithMatchingLoopTermInQueryParam(): void |
| 157 | { | 157 | { |
| 158 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | 158 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2'; |
| 159 | 159 | ||
| 160 | $response = new Response(); | 160 | $response = new Response(); |
| 161 | 161 | ||
| @@ -171,7 +171,7 @@ class ShaarliVisitorControllerTest extends TestCase | |||
| 171 | */ | 171 | */ |
| 172 | public function testRedirectFromRefererWithMatchingLoopTermInQueryValue(): void | 172 | public function testRedirectFromRefererWithMatchingLoopTermInQueryValue(): void |
| 173 | { | 173 | { |
| 174 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | 174 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2'; |
| 175 | 175 | ||
| 176 | $response = new Response(); | 176 | $response = new Response(); |
| 177 | 177 | ||
| @@ -187,7 +187,7 @@ class ShaarliVisitorControllerTest extends TestCase | |||
| 187 | */ | 187 | */ |
| 188 | public function testRedirectFromRefererWithLoopTermInDomain(): void | 188 | public function testRedirectFromRefererWithLoopTermInDomain(): void |
| 189 | { | 189 | { |
| 190 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | 190 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2'; |
| 191 | 191 | ||
| 192 | $response = new Response(); | 192 | $response = new Response(); |
| 193 | 193 | ||
| @@ -203,7 +203,7 @@ class ShaarliVisitorControllerTest extends TestCase | |||
| 203 | */ | 203 | */ |
| 204 | public function testRedirectFromRefererWithMatchingClearedParam(): void | 204 | public function testRedirectFromRefererWithMatchingClearedParam(): void |
| 205 | { | 205 | { |
| 206 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | 206 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli/subfolder/controller?query=param&other=2'; |
| 207 | 207 | ||
| 208 | $response = new Response(); | 208 | $response = new Response(); |
| 209 | 209 | ||
| @@ -212,4 +212,35 @@ class ShaarliVisitorControllerTest extends TestCase | |||
| 212 | static::assertSame(302, $result->getStatusCode()); | 212 | static::assertSame(302, $result->getStatusCode()); |
| 213 | static::assertSame(['/subfolder/controller?other=2'], $result->getHeader('location')); | 213 | static::assertSame(['/subfolder/controller?other=2'], $result->getHeader('location')); |
| 214 | } | 214 | } |
| 215 | |||
| 216 | /** | ||
| 217 | * Test redirectFromReferer() - From another domain -> we ignore the given referrer. | ||
| 218 | */ | ||
| 219 | public function testRedirectExternalReferer(): void | ||
| 220 | { | ||
| 221 | $this->container->environment['HTTP_REFERER'] = 'http://other.domain.tld/controller?query=param&other=2'; | ||
| 222 | |||
| 223 | $response = new Response(); | ||
| 224 | |||
| 225 | $result = $this->controller->redirectFromReferer($this->request, $response, ['query'], ['query']); | ||
| 226 | |||
| 227 | static::assertSame(302, $result->getStatusCode()); | ||
| 228 | static::assertSame(['/subfolder/'], $result->getHeader('location')); | ||
| 229 | } | ||
| 230 | |||
| 231 | /** | ||
| 232 | * Test redirectFromReferer() - From another domain -> we ignore the given referrer. | ||
| 233 | */ | ||
| 234 | public function testRedirectExternalRefererExplicitDomainName(): void | ||
| 235 | { | ||
| 236 | $this->container->environment['SERVER_NAME'] = 'my.shaarli.tld'; | ||
| 237 | $this->container->environment['HTTP_REFERER'] = 'http://your.shaarli.tld/controller?query=param&other=2'; | ||
| 238 | |||
| 239 | $response = new Response(); | ||
| 240 | |||
| 241 | $result = $this->controller->redirectFromReferer($this->request, $response, ['query'], ['query']); | ||
| 242 | |||
| 243 | static::assertSame(302, $result->getStatusCode()); | ||
| 244 | static::assertSame(['/subfolder/'], $result->getHeader('location')); | ||
| 245 | } | ||
| 215 | } | 246 | } |