[Security\Http] detect bad redirect targets using backslashes

This commit is contained in:
Christian Flothmann 2018-09-13 19:04:50 +02:00 committed by Nicolas Grekas
parent cb8302cb76
commit 99a0cec0a6
2 changed files with 17 additions and 3 deletions


@ -59,7 +59,7 @@ class HttpUtils
*/ */
public function createRedirectResponse(Request $request, $path, $status = 302) public function createRedirectResponse(Request $request, $path, $status = 302)
{ {
if (null !== $this->domainRegexp && preg_match('#^https?://[^/]++#i', $path, $host) && !preg_match(sprintf($this->domainRegexp, preg_quote($request->getHttpHost())), $host[0])) { if (null !== $this->domainRegexp && preg_match('#^https?:[/\\\\]{2,}+[^/]++#i', $path, $host) && !preg_match(sprintf($this->domainRegexp, preg_quote($request->getHttpHost())), $host[0])) {
$path = '/'; $path = '/';
} }
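Review bot: The widened pattern `#^https?:[/\\\\]{2,}+[^/]++#i` on the `if` line does security-relevant work that a reader cannot recover from the regex alone, so it should carry a comment such as `// Browsers accept backslashes and runs of slashes in place of "//" after the scheme, so "http:\\pirate.net/foo" must be treated as an absolute URL too (see badRequestDomainUrls in HttpUtilsTest).` Because `[^/]++` stops only at a forward slash, a backslash-delimited target leaves `$host[0]` holding the scheme, separators and everything up to the next `/`, which the `$`-anchored domainRegexp then rejects; that is the safe outcome, but stating it prevents someone later "tightening" the class to `[^/\\]` and changing the accepted set without noticing. Whether a scheme-less `\\pirate.net/foo` is caught depends on the protocol-relative handling outside this hunk, which the commit does not touch, so a test case for it would be worth adding. The body of createRedirectResponse continues past the end of the hunk.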


@ -54,14 +54,28 @@ class HttpUtilsTest extends TestCase
$this->assertTrue($response->isRedirect('http://localhost/blog')); $this->assertTrue($response->isRedirect('http://localhost/blog'));
} }
public function testCreateRedirectResponseWithBadRequestsDomain() /**
* @dataProvider badRequestDomainUrls
*/
public function testCreateRedirectResponseWithBadRequestsDomain($url)
{ {
$utils = new HttpUtils($this->getUrlGenerator(), null, '#^https?://%s$#i'); $utils = new HttpUtils($this->getUrlGenerator(), null, '#^https?://%s$#i');
$response = $utils->createRedirectResponse($this->getRequest(), 'http://pirate.net/foo'); $response = $utils->createRedirectResponse($this->getRequest(), $url);
$this->assertTrue($response->isRedirect('http://localhost/')); $this->assertTrue($response->isRedirect('http://localhost/'));
} }
public function badRequestDomainUrls()
{
return array(
array('http://pirate.net/foo'),
array('http:\\\\pirate.net/foo'),
array('http:/\\pirate.net/foo'),
array('http:\\/pirate.net/foo'),
array('http://////pirate.net/foo'),
);
}
public function testCreateRedirectResponseWithProtocolRelativeTarget() public function testCreateRedirectResponseWithProtocolRelativeTarget()
{ {
$utils = new HttpUtils($this->getUrlGenerator(), null, '#^https?://%s$#i'); $utils = new HttpUtils($this->getUrlGenerator(), null, '#^https?://%s$#i');