Skip to content

Fix Request::referer(true) returning scheme-relative URLs #11503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
markstory merged 1 commit into from
Dec 4, 2017
Merged

Fix Request::referer(true) returning scheme-relative URLs #11503

markstory merged 1 commit into from
Dec 4, 2017

Conversation

@chinpei215
Copy link
Contributor

@chinpei215 chinpei215 commented Dec 4, 2017

No description provided.

@chinpei215 chinpei215 added this to the 3.5.7 milestone Dec 4, 2017
dereuromark
dereuromark reviewed Dec 4, 2017
View reviewed changes
tests/TestCase/Http/ServerRequestTest.php
$result = $request->referer(true);
$this->assertSame('/some/path', $result);

$request->env('HTTP_REFERER', Configure::read('App.fullBaseUrl') . '///cakephp.org/');
Copy link
Member

@dereuromark dereuromark Dec 4, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whats the value here?
I would expect a test string like //my-domain/path as test to test the above code change.

Copy link
Contributor Author

@chinpei215 chinpei215 Dec 4, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry if I am wrong, but the problem is at line 578 in ServerRequest.php:

$ref = substr($ref, strlen($base));

This removes App.fullBaseUrl (e.g. http://localhost) and ServerRequest::$webroot (e.g. /) from the HTTP_REFERER. So I tested http://localhost + / + //cakephp.org/ here.

@codecov-io
Copy link

codecov-io commented Dec 4, 2017
edited
Loading

Codecov Report

Merging #11503 into master will not change coverage.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master   #11503   +/-   ##
=========================================
  Coverage     93.38%   93.38%           
- Complexity    13016    13017    +1     
=========================================
  Files           436      436           
  Lines         32753    32753           
=========================================
  Hits          30586    30586           
  Misses         2167     2167
Impacted Files Coverage Δ Complexity Δ
src/Http/ServerRequest.php 96.98% <100%> (ø) 241 <0> (+1) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3bf426d...dc55988. Read the comment docs.

chinpei215 added a commit to chinpei215/cakephp that referenced this pull request Dec 4, 2017
@chinpei215
Fix CakeRequest::referer(true) returning scheme-relative URLs
9f65402 
Backport of cakephp#11503 (and cakephp#8795)
@chinpei215 chinpei215 mentioned this pull request Dec 4, 2017
Merged
@markstory markstory merged commit df62120 into cakephp:master Dec 4, 2017
@markstory markstory added the http label Dec 4, 2017
@chinpei215 chinpei215 deleted the fix-non-local-referer branch December 5, 2017 12:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dereuromark dereuromark dereuromark left review comments

Assignees

No one assigned

Labels

defect http

Projects

None yet

Milestone

3.5.7

Development

Successfully merging this pull request may close these issues.

4 participants

@chinpei215 @codecov-io @dereuromark @markstory