-
Notifications
You must be signed in to change notification settings - Fork 820
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API Refactor Form request handling into FormRequestHandler #6692
API Refactor Form request handling into FormRequestHandler #6692
Conversation
There are some CS failures |
src/Control/RequestHandler.php
Outdated
if (!$pageURL) { | ||
return null; | ||
} | ||
if (Director::is_site_url($pageURL)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why should the getReferer
be opinionated about whether the url is a site url or not?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, I can call it getInternalReferer
, but the intent of this method is to get only a referer that's safe to redirect to.
I could add a flag to it to allow external urls to be allowed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/**
* Get referrer to redirect back to and safely validates it
*/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll split it into getReferer() (raw) and getReturnReferer() (safely validates)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe getSafeReferer
is all we need as the code to get the referer header is a one liner anyway?
@@ -2,17 +2,15 @@ | |||
|
|||
namespace SilverStripe\Security; | |||
|
|||
use Page; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Page
is never used in this class (apart from for a phpdoc type hint)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll change this string reference to a class constant reference.
private static $page_class = Page::class;
a10c3a7
to
c9130e6
Compare
Fixed up linting issues, split getReferer() into getReferer() and getReturnReferer(), and replaced a string literal with class constant in Security.php. |
The CMS PR needs fixing before we can merge |
API Add HasRequestHandler interface API Refactor Link() and url handling behaviour from Controller into RequestHandler API RequestHandler classes now must define url_segment to have a default Link() API Clean up redirectBack()
c9130e6
to
0c41a97
Compare
Fixed @dhensby |
Fixes #5639
Fixes #6362
Requires silverstripe/silverstripe-cms#1758