
Fix double base directory in unauthorized redirects.

Turn off base path inclusion when the referrer is generated. In the case
where there is no referrer header, we need to omit the base path as
redirect() will add one in.

Including a base path causes apps in sub-directories to behave
incorrectly.

Refs #7205
markstory committed Aug 17, 2015
1 parent 5643708 commit 5a4ab489de143604959addbc3b7bb39a289e37fb
@@ -405,6 +405,7 @@ protected function _unauthorized(Controller $controller)
if (!empty($this->_config['loginRedirect'])) {
$default = $this->_config['loginRedirect'];
}
$default['_base'] = false;
$url = $controller->referer($default, true);
} else {
$url = $this->_config['unauthorizedRedirect'];
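Review bot: The added `$default['_base'] = false;` assumes `$default` is an array, but the line above copies `loginRedirect` from config unchanged, and the hunk does not show what `$default` holds before the `if`. If either can be a string URL, the offset write raises an illegal-string-offset error instead of redirecting, so the unauthorized path breaks for those apps. Guard it: `if (is_array($default)) { $default['_base'] = false; }`. The test in this commit only exercises the array form of `loginRedirect`; a string-URL case under a base directory would cover the other branch. `_unauthorized()` starts and ends outside the hunk.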
@@ -734,24 +734,32 @@ public function testNoLoginRedirectForAuthenticatedUser()
public function testDefaultToLoginRedirect()
{
$url = '/party/on';
$this->Auth->request = $Request = new Request($url);
$Request->env('HTTP_REFERER', false);
$this->Auth->request->addParams(Router::parse($url));
$this->Auth->request = $request = new Request($url);
$request->env('HTTP_REFERER', false);
$request->addParams(Router::parse($url));
$request->addPaths([
'base' => 'dirname',
'webroot' => '/dirname/',
]);
Router::pushRequest($request);
$this->Auth->config('authorize', ['Controller']);
$this->Auth->setUser(['username' => 'mariano', 'password' => 'cake']);
$this->Auth->config('loginRedirect', [
'controller' => 'something', 'action' => 'else'
'controller' => 'something',
'action' => 'else'
]);
$response = new Response();
$Controller = $this->getMock(
'Cake\Controller\Controller',
['on', 'redirect'],
[$Request, $response]
[$request, $response]
);
$event = new Event('Controller.startup', $Controller);
$expected = Router::url($this->Auth->config('loginRedirect'));
// Should not contain basedir when redirect is called.
$expected = '/something/else';
$Controller->expects($this->once())
->method('redirect')
->with($this->equalTo($expected));
