
Fix Request::referer(true) returning scheme-relative URLs

chinpei215 committed Dec 4, 2017
1 parent 3bf426d commit dc55988f7d267ad8a150efaf6c084554ce531edb
Showing with 8 additions and 1 deletion.
  1. +1 −1 src/Http/ServerRequest.php
  2. +7 −0 tests/TestCase/Http/ServerRequestTest.php
@@ -576,7 +576,7 @@ public function referer($local = false)
if (!empty($ref) && !empty($base)) {
if ($local && strpos($ref, $base) === 0) {
$ref = substr($ref, strlen($base));
if (!strlen($ref)) {
if (!strlen($ref) || strpos($ref, '//') === 0) {
$ref = '/';
}
if ($ref[0] !== '/') {
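Review bot: The widened guard on the `strpos($ref, '//') === 0` line rejects only a remainder that starts with two forward slashes, so a remainder starting with `/\` still comes back from `referer(true)` as if it were a local path. Browsers that follow the WHATWG URL rules treat a backslash like a forward slash in http(s) URLs, so a caller that redirects to this value may still be sent off-site, which is what the commit sets out to prevent. I would extend the condition to `if (!strlen($ref) || strpos($ref, '//') === 0 || strpos($ref, '/\\') === 0) {`, put a comment above it such as `// A leading "//" or "/\" is read by browsers as scheme-relative; fall back to the app root.`, and pin the backslash case in testReferer(). referer()'s body starts and ends outside this hunk, so how `$base` is built and how callers use the result are not visible here.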
@@ -723,6 +723,9 @@ public function testReferer()
$result = $request->referer();
$this->assertSame('http://cakephp.org', $result);
$result = $request->referer(true);
$this->assertSame('/', $result);
$request->env('HTTP_REFERER', '');
$result = $request->referer();
$this->assertSame('/', $result);
@@ -731,6 +734,10 @@ public function testReferer()
$result = $request->referer(true);
$this->assertSame('/some/path', $result);
$request->env('HTTP_REFERER', Configure::read('App.fullBaseUrl') . '///cakephp.org/');
$result = $request->referer(true);
$this->assertSame('/', $result); // Avoid returning scheme-relative URLs.
$request->env('HTTP_REFERER', Configure::read('App.fullBaseUrl') . '/0');
$result = $request->referer(true);
$this->assertSame('/0', $result);
