[Security] Strengthen comparison of target_url vs login_path
This commit is contained in:
parent
e188cd75b5
commit
ac9d75a09e
@ -122,7 +122,7 @@ class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandle
|
||||
return $targetUrl;
|
||||
}
|
||||
|
||||
if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
|
||||
if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && parse_url($targetUrl, PHP_URL_PATH) !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
|
||||
return $targetUrl;
|
||||
}
|
||||
|
||||
|
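Review bot: The new condition treats any non-string result of `parse_url($targetUrl, PHP_URL_PATH)` as a valid target: `parse_url()` returns null when the referer has no path component and false for a value it cannot parse, and both are `!==` the generated login URI, so such a referer is returned unchanged. The comparison is also asymmetric — a bare path on the left against whatever `generateUri()` returns on the right; if that is an absolute URI (how HttpUtils builds it is not visible here), the check never matches and the referer always wins. Normalising both sides to a path and requiring a string keeps the hunk's intent while closing both gaps, and the test on this page that mocks `generateUri` to return `/subfolder/login` still passes. The Referer header is caller-controlled, so whatever is returned here is only as safe as the redirect handling further down, which is outside this hunk; the enclosing method starts and ends outside the hunk as well.
```php
$referer = $this->options['use_referer'] ? $request->headers->get('Referer') : null;
$refererPath = $referer ? parse_url($referer, PHP_URL_PATH) : null;
// parse_url() yields null (no path) or false (unparsable); neither may be accepted as a target.
// Both sides are reduced to a path so the comparison does not depend on generateUri() returning a path.
if (is_string($refererPath) && $refererPath !== parse_url($this->httpUtils->generateUri($request, $this->options['login_path']), PHP_URL_PATH)) {
    return $referer;
}
```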
@ -137,7 +137,7 @@ class DefaultAuthenticationSuccessHandlerTest extends \PHPUnit_Framework_TestCas
|
||||
$this->assertSame($response, $result);
|
||||
}
|
||||
|
||||
public function testRefererHasToBeDifferentThatLoginUrl()
|
||||
public function testRefererHasToBeDifferentThanLoginUrl()
|
||||
{
|
||||
$options = array('use_referer' => true);
|
||||
|
||||
@ -157,6 +157,26 @@ class DefaultAuthenticationSuccessHandlerTest extends \PHPUnit_Framework_TestCas
|
||||
$this->assertSame($response, $result);
|
||||
}
|
||||
|
||||
public function testRefererWithoutParametersHasToBeDifferentThanLoginUrl()
|
||||
{
|
||||
$options = array('use_referer' => true);
|
||||
|
||||
$this->request->headers->expects($this->any())
|
||||
->method('get')->with('Referer')
|
||||
->will($this->returnValue('/subfolder/login?t=1&p=2'));
|
||||
|
||||
$this->httpUtils->expects($this->once())
|
||||
->method('generateUri')->with($this->request, '/login')
|
||||
->will($this->returnValue('/subfolder/login'));
|
||||
|
||||
$response = $this->expectRedirectResponse('/');
|
||||
|
||||
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, $options);
|
||||
$result = $handler->onAuthenticationSuccess($this->request, $this->token);
|
||||
|
||||
$this->assertSame($response, $result);
|
||||
}
|
||||
|
||||
public function testRefererTargetPathIsIgnoredByDefault()
|
||||
{
|
||||
$this->request->headers->expects($this->never())->method('get');
|
||||
|
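Review bot: The added test `testRefererWithoutParametersHasToBeDifferentThanLoginUrl` covers only a referer that differs from the login URI by a query string; the behaviour for a referer that `parse_url()` cannot reduce to a path string (no path component, or a malformed value for which it returns false) has no test, so a regression in that guard would pass silently. A companion case returning e.g. `http://localhost` (no path) or `http:///` (malformed) from the `Referer` stub and asserting that the default target is redirected to would pin it. The stub `$this->request->headers->expects($this->any())` also accepts any number of calls; if the handler reads the header exactly once, `$this->once()` would match the `generateUri` expectation and catch duplicate reads.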