-
Notifications
You must be signed in to change notification settings - Fork 5.2k
/
NopRedirectResultExecutor.cs
82 lines (69 loc) · 3.2 KB
/
NopRedirectResultExecutor.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
using System.Net;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Infrastructure;
using Microsoft.AspNetCore.Mvc.Routing;
using Microsoft.Extensions.Logging;
using Nop.Core;
using Nop.Core.Domain.Security;
namespace Nop.Web.Framework.Mvc.Routing
{
/// <summary>
/// Represents custom overridden redirect result executor
/// </summary>
public partial class NopRedirectResultExecutor : RedirectResultExecutor
{
#region Fields
protected readonly IActionContextAccessor _actionContextAccessor;
protected readonly IUrlHelperFactory _urlHelperFactory;
protected readonly SecuritySettings _securitySettings;
protected readonly IWebHelper _webHelper;
#endregion
#region Ctor
public NopRedirectResultExecutor(IActionContextAccessor actionContextAccessor,
ILoggerFactory loggerFactory,
IUrlHelperFactory urlHelperFactory,
SecuritySettings securitySettings,
IWebHelper webHelper) : base(loggerFactory, urlHelperFactory)
{
_actionContextAccessor = actionContextAccessor;
_urlHelperFactory = urlHelperFactory;
_securitySettings = securitySettings;
_webHelper = webHelper;
}
#endregion
#region Methods
/// <summary>
/// Execute passed redirect result
/// </summary>
/// <param name="context">Action context</param>
/// <param name="result">Redirect result</param>
/// <returns>A task that represents the asynchronous operation</returns>
public override Task ExecuteAsync(ActionContext context, RedirectResult result)
{
if (result == null)
throw new ArgumentNullException(nameof(result));
if (_securitySettings.AllowNonAsciiCharactersInHeaders)
{
//passed redirect URL may contain non-ASCII characters, that are not allowed now (see https://github.com/aspnet/KestrelHttpServer/issues/1144)
//so we force to encode this URL before processing
var url = WebUtility.UrlDecode(result.Url);
var urlHelper = result.UrlHelper ?? _urlHelperFactory.GetUrlHelper(_actionContextAccessor.ActionContext);
var isLocalUrl = urlHelper.IsLocalUrl(url);
var uriStr = url;
if (isLocalUrl)
{
var pathBase = context.HttpContext.Request.PathBase;
uriStr = $"{_webHelper.GetStoreLocation().TrimEnd('/')}{(url.StartsWith(pathBase) && !string.IsNullOrEmpty(pathBase) ? url.Replace(pathBase, "") : url)}";
}
var uri = new Uri(uriStr, UriKind.Absolute);
//Allowlist redirect URI schemes to http and https
if ((uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps) && urlHelper.IsLocalUrl(uri.AbsolutePath))
result.Url = isLocalUrl ? uri.PathAndQuery : $"{uri.GetLeftPart(UriPartial.Query)}{uri.Fragment}";
else
result.Url = urlHelper.RouteUrl("Homepage");
}
return base.ExecuteAsync(context, result);
}
#endregion
}
}