Make Redirect helper supports only absolute path reference URLs

Yassine Guedidi 2023-12-28 21:26:10 +01:00
parent 7ebc96f3b9
commit 9bef459882
2 changed files with 23 additions and 3 deletions


@ -2,6 +2,7 @@
namespace Wallabag\CoreBundle\Helper; namespace Wallabag\CoreBundle\Helper;
use GuzzleHttp\Psr7\Uri;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Wallabag\CoreBundle\Entity\Config; use Wallabag\CoreBundle\Entity\Config;
@ -32,6 +33,14 @@ class Redirect
$user = $this->tokenStorage->getToken() ? $this->tokenStorage->getToken()->getUser() : null; $user = $this->tokenStorage->getToken() ? $this->tokenStorage->getToken()->getUser() : null;
if (!$user instanceof User) { if (!$user instanceof User) {
if (null === $url) {
return $this->router->generate('homepage');
}
if (!Uri::isAbsolutePathReference(new Uri($url))) {
return $this->router->generate('homepage');
}
return $url; return $url;
} }
@ -40,10 +49,14 @@ class Redirect
return $this->router->generate('homepage'); return $this->router->generate('homepage');
} }
if (null !== $url) { if (null === $url) {
return $url; return $this->router->generate('homepage');
} }
return $this->router->generate('homepage'); if (!Uri::isAbsolutePathReference(new Uri($url))) {
return $this->router->generate('homepage');
}
return $url;
} }
} }
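Review bot: The `new Uri($url)` calls in both added checks can throw when the redirect target cannot be parsed, so a malformed value would surface as an uncaught exception instead of the homepage fallback; Guzzle's constructor raises an `\InvalidArgumentException` (or a subclass of it) in that case. The same null/absolute-path test is also written twice, once in the anonymous-user branch and once at the end of the method, which makes it easy for the two copies to drift apart. I would move it into one private helper that catches the parse failure and also rejects any backslash, since browsers commonly resolve a leading `/\` like `//` and such a value would probably still pass `isAbsolutePathReference`. The method's signature and opening lines are outside the hunks shown, so the helper below leaves the parameter untyped.

```php
// … unchanged: token lookup and the config-based homepage return …
// Both branches then end with:
return $this->isLocalPath($url) ? $url : $this->router->generate('homepage');

// … new private helper on the Redirect class …
private function isLocalPath($url): bool
{
    // Backslashes are rejected outright: user agents may read them as slashes.
    if (null === $url || false !== strpos($url, '\\')) {
        return false;
    }

    try {
        return Uri::isAbsolutePathReference(new Uri($url));
    } catch (\InvalidArgumentException $e) {
        // Unparseable input is handled like any other rejected target.
        return false;
    }
}
```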


@ -73,6 +73,13 @@ class RedirectTest extends TestCase
$this->assertSame('/unread/list', $redirectUrl); $this->assertSame('/unread/list', $redirectUrl);
} }
public function testRedirectToAbsoluteUrl()
{
$redirectUrl = $this->redirect->to('https://www.google.com/');
$this->assertSame('/', $redirectUrl);
}
public function testWithNotLoggedUser() public function testWithNotLoggedUser()
{ {
$redirect = new Redirect($this->routerMock, new TokenStorage()); $redirect = new Redirect($this->routerMock, new TokenStorage());