author | ྅༻ Ǭɀħ ༄༆ཉ <ozh@ozh.org> | 2022-01-09 20:27:55 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-09 20:27:55 +0300 |
commit | 385876ab3763f66fecb70269e6802533e5756e1b (patch) | |
tree | dbbae88ce92f01cf87b3c2f4f649f64bf0b6e17d | |
parent | 1a7a60760d86d11b677af16e83e16fa3e8f5d662 (diff) |
Allow prefix n shortening without being logged in
Fixes #3189
- Allow prefix n shortening without being logged in
- Test checking for redirection on successful auth
Props @dan-r for the initial digging on this issue !
-rw-r--r-- | includes/functions-auth.php | 4 | ||||
-rw-r--r-- | includes/functions.php | 5 | ||||
-rw-r--r-- | tests/tests/auth/login_redirection.php | 34 |
3 files changed, 41 insertions, 2 deletions
diff --git a/includes/functions-auth.php b/includes/functions-auth.php
index a18d9626..44630e84 100644
--- a/includes/functions-auth.php
+++ b/includes/functions-auth.php
@@ -98,7 +98,9 @@ function yourls_is_valid_user() {
 // Login form : redirect to requested URL to avoid re-submitting the login form on page reload
 if( isset( $_REQUEST['username'] ) && isset( $_REQUEST['password'] ) && isset( $_SERVER['REQUEST_URI'] ) ) {
- yourls_redirect( yourls_sanitize_url_safe($_SERVER['REQUEST_URI']) );
+ // The return makes sure we exit this function before waiting for redirection.
+ // This fixes #3189 and honestly I'm not sure why.
+ return yourls_redirect( yourls_sanitize_url_safe($_SERVER['REQUEST_URI']) );
 }
 }
diff --git a/includes/functions.php b/includes/functions.php
index 9bcd85cf..06f75f86 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -211,12 +211,13 @@ function yourls_get_referrer() {
 * @since 1.4
 * @param string $location URL to redirect to
 * @param int $code HTTP status code to send
- * @return int 1 for header redirection, 2 for js redirection, 3 otherwise
+ * @return int 1 for header redirection, 2 for js redirection, 3 otherwise (CLI)
 */
 function yourls_redirect( $location, $code = 301 ) {
 yourls_do_action( 'pre_redirect', $location, $code );
 $location = yourls_apply_filter( 'redirect_location', $location, $code );
 $code = yourls_apply_filter( 'redirect_code', $code, $location );
+ // Redirect, either properly if possible, or via Javascript otherwise
 if( !headers_sent() ) {
 yourls_status_header( $code );
@@ -224,11 +225,13 @@ function yourls_redirect( $location, $code = 301 ) {
 return 1;
 }
+ // Headers sent : redirect with JS if not in CLI
 if( php_sapi_name() !== 'cli') {
 yourls_redirect_javascript( $location );
 return 2;
 }
+ // We're in CLI
 return 3;
 }
diff --git a/tests/tests/auth/login_redirection.php b/tests/tests/auth/login_redirection.php
new file mode 100644
index 00000000..a64aa715
--- /dev/null 
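Review bot: In includes/functions-auth.php the added `return yourls_redirect( … )` makes yourls_is_valid_user() return the redirect helper's int (1, 2 or 3, per the yourls_redirect() docblock in this commit) on the login-form path instead of whatever it returns for a valid user elsewhere. Those other return statements and the callers are outside this hunk, so it needs checking that no caller compares the result strictly against `true`, which would turn a successful login into a failure. If the aim is only to leave the function once the redirect is issued, `yourls_redirect( yourls_sanitize_url_safe($_SERVER['REQUEST_URI']) ); return true;` would presumably keep the contract, with the new test's expected value adjusted to match. The comment can also state the reason rather than "not sure why": yourls_redirect() returns instead of ending the request, so something like `// yourls_redirect() does not exit: return so the rest of this function does not run once the redirect is issued` documents it.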
+++ b/tests/tests/auth/login_redirection.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Login redirection
+ *
+ * Check that, when submitting correct credentials, we're redirected as expected
+ *
+ * @group auth
+ */
+class Login_Redirection_Tests extends PHPUnit\Framework\TestCase {
+
+ protected $backup_request;
+ protected $backup_server;
+
+ protected function setUp(): void {
+ $this->backup_request = $_REQUEST;
+ $this->backup_server = $_SERVER;
+ }
+
+ protected function tearDown(): void {
+ $_REQUEST = $this->backup_request;
+ $_SERVER = $this->backup_server;
+ }
+
+ /**
+ * Check that authentication on a webpage triggers a redirection
+ */
+ public function test_login() {
+ $_REQUEST['nonce'] = yourls_create_nonce('admin_login');
+ $_SERVER['REQUEST_URI'] = '/';
+ $this->assertSame( 3, yourls_is_valid_user() );
+ }
+
+} |
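Review bot: `test_login()` never sets `$_REQUEST['username']` or `$_REQUEST['password']`, yet the redirect branch it is meant to cover in yourls_is_valid_user() runs only when both are set. The test therefore presumably relies on credentials left in `$_REQUEST` by the bootstrap or an earlier test; setting them inside the test from the suite's existing fixture would make it self-contained. The expected `3` is the value yourls_redirect() returns only under the CLI SAPI after headers have been sent, so a comment such as `// 3 = yourls_redirect() under CLI once output has started` would explain the magic number and the dependency on prior output. A companion case asserting that wrong credentials never yield a redirect code (1, 2 or 3) would pin the authentication side of this change.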