Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>2020-04-10 09:50:15 +0300
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>2020-04-15 12:30:10 +0300
commit8d72a2adef0f858bef4bcbc4f8f8944dc80a82f6 (patch)
treedcae7588c692ca809a981ea25a2484c6caa8c06b
parent7d412b5733add714f589b761fa36fcc98039c2eb (diff)
Fix absolute redirect
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Diffstat
-rw-r--r--core/Controller/LoginController.php2
-rw-r--r--tests/Core/Controller/LoginControllerTest.php6
2 files changed, 4 insertions, 4 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 13aef8f67ab..6446941ff9c 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -253,7 +253,7 @@ class LoginController extends Controller {
private function generateRedirect(?string $redirectUrl): RedirectResponse {
if ($redirectUrl !== null && $this->userSession->isLoggedIn()) {
- $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
+ $location = $this->urlGenerator->getAbsoluteURL($redirectUrl);
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index 6a6795a8e82..83a30def6b8 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -503,7 +503,7 @@ class LoginControllerTest extends TestCase {
->method('getUID')
->will($this->returnValue('jane'));
$password = 'secret';
- $originalUrl = 'another%20url';
+ $originalUrl = 'another url';
$redirectUrl = 'http://localhost/another url';
$this->request
@@ -545,7 +545,7 @@ class LoginControllerTest extends TestCase {
$this->request,
$user,
$password,
- '%2Fapps%2Fmail'
+ '/apps/mail'
);
$loginResult = LoginResult::success($loginData);
$this->chain->expects($this->once())
@@ -561,7 +561,7 @@ class LoginControllerTest extends TestCase {
->will($this->returnValue($redirectUrl));
$expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
- $response = $this->loginController->tryLogin($user, $password, '%2Fapps%2Fmail');
+ $response = $this->loginController->tryLogin($user, $password, '/apps/mail');
$this->assertEquals($expected, $response);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-04 20:57:13 +0300