[Security] Strengthen comparison of target_url vs login_path #19026
Conversation
|
Looks good to me 👍 Status: Reviewed |
|
Not sure on this one.. but shouldn't we consider trailing slash normalization since the router, AFAIK, has some issues with it (#18702) |
|
Minor issue, but there is a type in the test name: ('That' --> 'Than')
should be:
|
|
@mrzard i think it's a problem we cant fix.. as we cant determine the I foresee some nasty side effects, but im not sure as i havent tested it, i.e. it needs to be reproduced first to properly document what no to do :-) |
|
Thank you @mrzard. |
…n_path (mrzard) This PR was merged into the 3.3-dev branch. Discussion ---------- [Security] Strengthen comparison of target_url vs login_path | Q | A | | --- | --- | | Branch? | "master" | | Bug fix? | no | | New feature? | no | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | #18862 | | License | MIT | | Doc PR | | Commits ------- ac9d75a [Security] Strengthen comparison of target_url vs login_path
…abpot) This PR was squashed before being merged into the 2.7 branch (closes #23580). Discussion ---------- Fix login redirect when referer contains a query string | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #19026, #23027, #23061, #23411, #23551 | License | MIT | Doc PR | n/a In 3.3, #19026 was merged to fix a bug that should have been fixed in 2.7. The fix was wrong anyway, so this PR fixes it the proper way. The first two commits refactors test (using mocks for data objects is a bad idea and using too many mocks actually makes tests test nothing). The actual fix is in the third commit. Commits ------- 022ac0b [Security] added more tests 9c7a140 [Security] fixed default target path when referer contains a query string b1f1ae2 [Security] simplified tests 3387612 [Security] refactored tests
Uh oh!
There was an error while loading. Please reload this page.