[CORE][Form] Add facilities for automatically adding a _next field to all forms, which can be customized in Form::create and defaults to the current URL. Usage of RedirectException should mostly be replaced with Form::forceRedirect

Hugo Sales 2022-03-04 15:12:35 +00:00 committed by Diogo Peralta Cordeiro
parent d629976322
commit 6ddc176faf
Signed by: diogo
GPG Key ID: 18D2D35001FBFAB0


@ -33,8 +33,10 @@ declare(strict_types = 1);
namespace App\Core; namespace App\Core;
use App\Core\DB\DB; use App\Core\DB\DB;
use function App\Core\I18n\_m;
use App\Core\Router\Router; use App\Core\Router\Router;
use App\Util\Common; use App\Util\Common;
use App\Util\Exception\ClientException;
use App\Util\Exception\RedirectException; use App\Util\Exception\RedirectException;
use App\Util\Exception\ServerException; use App\Util\Exception\ServerException;
use App\Util\Formatting; use App\Util\Formatting;
@ -45,6 +47,7 @@ use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\Form\FormInterface as SymfFormInterface; use Symfony\Component\Form\FormInterface as SymfFormInterface;
use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Exception\ResourceNotFoundException;
/** /**
* This class converts our own form representation to Symfony's * This class converts our own form representation to Symfony's
@ -224,11 +227,10 @@ abstract class Form
$next = mb_substr($next, 0, $pos); $next = mb_substr($next, 0, $pos);
} }
Router::match($next); Router::match($next);
$next = $next . ($fragment ?? '');
return new RedirectResponse(url: $next . ($fragment ?? '')); return new RedirectResponse(url: $next . ($fragment ?? ''));
} catch (ResourceNotFoundException $e) { } catch (ResourceNotFoundException $e) {
$user = Common::user(); $user = Common::user();
$user_id = \is_null($user) ? $user->getId() : '(not logged in)'; $user_id = !\is_null($user) ? $user->getId() : '(not logged in)';
Log::warning("Suspicious activity: User with ID {$user_id} submitted a form where the `_next` parameter is not a valid local URL ({$next})"); Log::warning("Suspicious activity: User with ID {$user_id} submitted a form where the `_next` parameter is not a valid local URL ({$next})");
throw new ClientException(_m('Invalid form submission'), $e); throw new ClientException(_m('Invalid form submission'), $e);
} }
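Review bot: The `Log::warning` call in the `catch` branch interpolates `{$next}` directly into the message, and by the message's own wording that value is the submitted `_next` parameter, so line breaks or control characters in it can split or forge entries in the record meant to flag suspicious activity. Encode and bound the value before logging, for example `$next_log = json_encode(mb_substr($next, 0, 512), JSON_INVALID_UTF8_SUBSTITUTE);` (the cap of 512 is an arbitrary example), and interpolate `{$next_log}` instead. Separately, only `ResourceNotFoundException` is caught; if `Router::match` can raise other matcher exceptions (not visible here), they would skip the `ClientException` path, which is worth confirming. The enclosing method starts and ends outside this hunk.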