fix: host header inject
liufee committed Aug 29, 2022
1 parent 9086eda commit d45cb9c
Showing 6 changed files with 63 additions and 6 deletions.
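--- a/common/components/Response.php
+++ b/common/components/Response.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace common\components;
+
+use Yii;
+use yii\helpers\Url;
+
+class Response extends \yii\web\Response
+{
+public function redirect($url, $statusCode = 302, $checkAjax = true)
+{
+if (is_array($url) && isset($url[0])) {
+// ensure the route is absolute
+$url[0] = '/' . ltrim($url[0], '/');
+}
+$request = Yii::$app->getRequest();
+$url = Url::to($url);
+if( strpos($url, "://") !== false ){
+$newURL = "";
+$array = parse_url(Yii::$app->getUser()->getReturnUrl());
+isset($array['path']) && $newURL .= $array['path'];
+isset($array['query']) && $newURL .= "?" . $array['query'];
+if ($newURL == ""){
+$url = "/";
+}else{
+$url = $newURL;
+}
+}
+if ($checkAjax) {
+if ($request->getIsAjax()) {
+if (in_array($statusCode, [301, 302]) && preg_match('/Trident\/|MSIE[ ]/', (string)$request->userAgent)) {
+$statusCode = 200;
+}
+if ($request->getIsPjax()) {
+$this->getHeaders()->set('X-Pjax-Url', $url);
+} else {
+$this->getHeaders()->set('X-Redirect', $url);
+}
+} else {
+$this->getHeaders()->set('Location', $url);
+}
+} else {
+$this->getHeaders()->set('Location', $url);
+}
+
+$this->setStatusCode($statusCode);
+
+return $this;
+}
+}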
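Review bot: The guard on the `strpos($url, "://")` line treats scheme-relative targets as local, so a value such as `//other-host/path` passes through unchanged and the browser still leaves the application's own host; the check should also cover a leading `//` (and `/\`), e.g. `if (strpos($url, "://") !== false || preg_match('#^[/\\\\]{2}#', $url)) {`. Because the same branch rewrites every absolute URL to the session return URL, legitimate cross-origin redirects (an external identity provider, for instance) are silently replaced too — if this app has any, comparing the parsed host of `$url` against the configured host would be narrower than rewriting all absolute targets. The class has no docblock; I would add one stating that `redirect()` is overridden so that Location/X-Redirect/X-Pjax-Url targets stay on the application's own host and that absolute targets fall back to the return URL's path and query, or `/` when none is set. `$newURL == ""` should be the strict `$newURL === ''`.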
3 changes: 3 additions & 0 deletions common/config/main.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@
'password' => '',
'charset' => '',
],
'response' => [
'class' => common\components\Response::className(),
],
'cdn' => [//support Qiniu(七牛) TencentCloud(腾讯云) Aliyun(阿里云) Netease(网易云) more detail for visit http://doc.feehi.com/cdn.html
'class' => feehi\cdn\DummyTarget::className(),//DummyTarget will not use and cdn
],
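Review bot: Registering `common\components\Response` in the shared config makes it the response component of every application that merges common/config/main.php; if the console config does so as well (the Yii2 advanced template layout does), the console app ends up with a `yii\web\Response` subclass in place of `yii\console\Response`. Placing the `'response'` entry in the web apps' own configs, or overriding it back in the console config, avoids that — worth confirming against the project's config layout, which this diff does not show.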
5 changes: 3 additions & 2 deletions common/mail/backend/passwordResetToken-html.php
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
<?php
use yii\helpers\Html;
use common\helpers\Util;

/* @var $this yii\web\View */
/* @var $user backend\models\AdminUser */
/* @var $user common\models\AdminUser */

$resetLink = Yii::$app->urlManager->createAbsoluteUrl(['admin-user/reset-password', 'token' => $user->password_reset_token]);
$resetLink = Util::assembleAbsoluteURL(['admin-user/reset-password', 'token' => $user->password_reset_token]);
?>
<div class="password-reset">
<p>Hello <?= Html::encode($user->username) ?>,</p>
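Review bot: The effect of this change on the reset link rests entirely on `Util::assembleAbsoluteURL` taking its scheme and host from configuration rather than from the request (`hostInfo` / the Host header); that helper is not part of this diff, so it should be checked that it does not fall back to the request host when the configured value is empty. The same substitution is made in common/mail/backend/passwordResetToken-text.php, common/mail/passwordResetToken-html.php and common/mail/passwordResetToken-text.php. A short comment above the `$resetLink` line, e.g. `// build from the configured host, not the request Host header: this link is sent by mail`, would record why `createAbsoluteUrl` must not be reintroduced here.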
5 changes: 3 additions & 2 deletions common/mail/backend/passwordResetToken-text.php
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
<?php
use common\helpers\Util;

/* @var $this yii\web\View */
/* @var $user backend\models\AdminUser */
/* @var $user common\models\AdminUser */

$resetLink = Yii::$app->urlManager->createAbsoluteUrl(['admin-user/reset-password', 'token' => $user->password_reset_token]);
$resetLink = Util::assembleAbsoluteURL(['admin-user/reset-password', 'token' => $user->password_reset_token]);
?>
Hello <?= $user->username ?>,

3 changes: 2 additions & 1 deletion common/mail/passwordResetToken-html.php
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
<?php
use yii\helpers\Html;
use common\helpers\Util;

/* @var $this yii\web\View */
/* @var $user common\models\User */

$resetLink = Yii::$app->urlManager->createAbsoluteUrl(['site/reset-password', 'token' => $user->password_reset_token]);
$resetLink = Util::assembleAbsoluteURL(['site/reset-password', 'token' => $user->password_reset_token]);
?>
<div class="password-reset">
<p>Hello <?= Html::encode($user->username) ?>,</p>
3 changes: 2 additions & 1 deletion common/mail/passwordResetToken-text.php
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
<?php
use common\helpers\Util;

/* @var $this yii\web\View */
/* @var $user common\models\User */

$resetLink = Yii::$app->urlManager->createAbsoluteUrl(['site/reset-password', 'token' => $user->password_reset_token]);
$resetLink = Util::assembleAbsoluteURL(['site/reset-password', 'token' => $user->password_reset_token]);
?>
Hello <?= $user->username ?>,

