Fix Request::referer(true) returning scheme-relative URLs #11503

Merged
merged 1 commit into from Dec 4, 2017

@chinpei215
Member

chinpei215 commented Dec 4, 2017

No description provided.

@chinpei215 chinpei215 added the Defect label Dec 4, 2017

@chinpei215 chinpei215 added this to the 3.5.7 milestone Dec 4, 2017

@@ -731,6 +734,10 @@ public function testReferer()
$result = $request->referer(true);
$this->assertSame('/some/path', $result);
$request->env('HTTP_REFERER', Configure::read('App.fullBaseUrl') . '///cakephp.org/');
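Review bot: the three-slash literal `'///cakephp.org/'` on the new `env('HTTP_REFERER', ...)` line is not self-explanatory. A reader has to know that `referer(true)` strips `App.fullBaseUrl` and the webroot slash before it is clear that the remainder under test is `//cakephp.org/`. A one-line comment above that line saying so would help. The excerpt ends before any assertion, so please confirm the case asserts that the returned value does not start with `//`. A second case with a non-root webroot would also show the check does not depend on the webroot being `/`.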


@dereuromark

dereuromark Dec 4, 2017

Member

What's the value here?
I would expect a test string like //my-domain/path as test to test the above code change.


@chinpei215

chinpei215 Dec 4, 2017

Member

Sorry if I am wrong, but the problem is at line 578 in ServerRequest.php:

$ref = substr($ref, strlen($base));

This removes App.fullBaseUrl (e.g. http://localhost) and ServerRequest::$webroot (e.g. /) from the HTTP_REFERER. So I tested http://localhost + / + //cakephp.org/ here.
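
The stripping step described in this comment, as an added example that is not part of the pull request or of CakePHP's code. `strippedReferer` and `guardedReferer` are hypothetical helpers that model the quoted `substr()` line, and the referer values are constructed.

```php
<?php
// Added illustration: hypothetical helper names, not CakePHP's implementation.

// Simplified model of the base-stripping step quoted above.
function strippedReferer(string $ref, string $base): string
{
    if ($base === '' || strpos($ref, $base) !== 0) {
        return '/';                       // not under this app: no local referer
    }
    $rest = substr($ref, strlen($base));  // the line under discussion
    return ($rest === '' || $rest[0] !== '/') ? '/' . $rest : $rest;
}

// Same step plus a guard: a remainder starting with "//" is not a local path.
function guardedReferer(string $ref, string $base): string
{
    $rest = strippedReferer($ref, $base);
    return strpos($rest, '//') === 0 ? '/' : $rest;
}

// Constructed sample values, matching the example given in the comment.
$base = 'http://localhost' . '/';         // App.fullBaseUrl + webroot
$samples = [
    'http://localhost/some/path',
    'http://localhost///cakephp.org/',
    'http://example.test/other',
];

foreach ($samples as $ref) {
    $plain = strippedReferer($ref, $base);
    $guarded = guardedReferer($ref, $base);
    // parse_url() reports a host for scheme-relative input, as a browser would.
    $host = parse_url($plain, PHP_URL_HOST) ?? '(none)';
    printf("%-34s stripped=%-16s host=%-12s guarded=%s\n", $ref, $plain, $host, $guarded);
}
```

Only the second sample yields a stripped value with a host component, which is the case a caller using the "local" referer as a redirect target has to exclude.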


@codecov-io


codecov-io Dec 4, 2017

Codecov Report

Merging #11503 into master will not change coverage.
The diff coverage is 100%.


@@            Coverage Diff            @@
##             master   #11503   +/-   ##
=========================================
  Coverage     93.38%   93.38%           
- Complexity    13016    13017    +1     
=========================================
  Files           436      436           
  Lines         32753    32753           
=========================================
  Hits          30586    30586           
  Misses         2167     2167

| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| src/Http/ServerRequest.php | 96.98% <100%> (ø) | 241 <0> (+1) ⬆️ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 3bf426d...dc55988.

chinpei215 added a commit to chinpei215/cakephp that referenced this pull request Dec 4, 2017

@markstory markstory merged commit df62120 into cakephp:master Dec 4, 2017

5 checks passed

codecov/patch 100% of diff hit (target 93.38%)
codecov/project 93.38% (+0%) compared to 3bf426d
continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
stickler-ci No lint errors found.

@markstory markstory added the http label Dec 4, 2017

@chinpei215 chinpei215 deleted the chinpei215:fix-non-local-referer branch Dec 5, 2017
