[CORE][Form] Add facilities for automatically adding a _next field to all forms, which can be customized in Form::create and defaults to the current URL. Usage of RedirectException should mostly be replaced with Form::forceRedirect
parent
d629976322
commit
6ddc176faf
@ -33,8 +33,10 @@ declare(strict_types = 1);
|
|||||||
namespace App\Core;
|
namespace App\Core;
|
||||||
|
|
||||||
use App\Core\DB\DB;
|
use App\Core\DB\DB;
|
||||||
|
use function App\Core\I18n\_m;
|
||||||
use App\Core\Router\Router;
|
use App\Core\Router\Router;
|
||||||
use App\Util\Common;
|
use App\Util\Common;
|
||||||
|
use App\Util\Exception\ClientException;
|
||||||
use App\Util\Exception\RedirectException;
|
use App\Util\Exception\RedirectException;
|
||||||
use App\Util\Exception\ServerException;
|
use App\Util\Exception\ServerException;
|
||||||
use App\Util\Formatting;
|
use App\Util\Formatting;
|
||||||
@ -45,6 +47,7 @@ use Symfony\Component\Form\FormFactoryInterface;
|
|||||||
use Symfony\Component\Form\FormInterface as SymfFormInterface;
|
use Symfony\Component\Form\FormInterface as SymfFormInterface;
|
||||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\Routing\Exception\ResourceNotFoundException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class converts our own form representation to Symfony's
|
* This class converts our own form representation to Symfony's
|
||||||
@ -224,11 +227,10 @@ abstract class Form
|
|||||||
$next = mb_substr($next, 0, $pos);
|
$next = mb_substr($next, 0, $pos);
|
||||||
}
|
}
|
||||||
Router::match($next);
|
Router::match($next);
|
||||||
$next = $next . ($fragment ?? '');
|
|
||||||
return new RedirectResponse(url: $next . ($fragment ?? ''));
|
return new RedirectResponse(url: $next . ($fragment ?? ''));
|
||||||
} catch (ResourceNotFoundException $e) {
|
} catch (ResourceNotFoundException $e) {
|
||||||
$user = Common::user();
|
$user = Common::user();
|
||||||
$user_id = \is_null($user) ? $user->getId() : '(not logged in)';
|
$user_id = !\is_null($user) ? $user->getId() : '(not logged in)';
|
||||||
Log::warning("Suspicious activity: User with ID {$user_id} submitted a form where the `_next` parameter is not a valid local URL ({$next})");
|
Log::warning("Suspicious activity: User with ID {$user_id} submitted a form where the `_next` parameter is not a valid local URL ({$next})");
|
||||||
throw new ClientException(_m('Invalid form submission'), $e);
|
throw new ClientException(_m('Invalid form submission'), $e);
|
||||||
}
|
}
|
||||||
|
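Review bot: The warning in the `catch (ResourceNotFoundException $e)` branch writes the submitted `_next` value into the log message unmodified, so line breaks, control characters or a very long value in that field reach the log exactly as sent. Whether that can split or forge entries depends on the formatter behind `Log::warning`, which is not visible here, so encoding at the call site is the safer default: `Log::warning("Suspicious activity: User with ID {$user_id} submitted a form where the `_next` parameter is not a valid local URL (" . json_encode(mb_substr($next, 0, 256)) . ')');`. Separately, only `ResourceNotFoundException` is caught; if `Router::match` can raise other routing exceptions for a `_next` that names an existing route (for example a method mismatch), those would bypass this handler and its logging, which is worth confirming. The `try` block and the enclosing method begin outside this hunk, so how `$next` and `$fragment` are derived could not be checked.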