Commit cad7dfbc authored by catch's avatar catch

Issue #2852361 by Xano, smustgrave, pwolanin, mpdonadio, wolffereast,...

Issue #2852361 by Xano, smustgrave, pwolanin, mpdonadio, wolffereast, ranjith_kumar_k_u, John Cook, xjm, alexpott: Ignore repeated slashes in the incoming path like Drupal <= 7

(cherry picked from commit 511778a7)
parent 9e5a9424
+4 −4
@@ -8,12 +8,12 @@
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

/**
 * Redirects paths starting with multiple slashes to a single slash.
 * Redirects paths containing successive slashes to those with single slashes.
 */
class RedirectLeadingSlashesSubscriber implements EventSubscriberInterface {

  /**
   * Redirects paths starting with multiple slashes to a single slash.
   * Redirects paths containing successive slashes to those with single slashes.
   *
   * @param \Symfony\Component\HttpKernel\Event\RequestEvent $event
   *   The RequestEvent to process.
@@ -28,8 +28,8 @@ public function redirect(RequestEvent $event) {
    // submits back to the same URI this presents an open redirect
    // vulnerability. Also, Drupal 7 renders the same page for
    // http://www.example.org/foo and http://www.example.org////foo.
    if (strpos($path, '//') === 0) {
      $path = '/' . ltrim($path, '/');
    if (strpos($path, '//') !== FALSE) {
      $path = preg_replace('/\/+/', '/', $path);
      $qs = $request->getQueryString();
      if ($qs) {
        $qs = '?' . $qs;
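Review bot: The visible part of the comment above the changed condition still argues only from the leading-slash case (the open redirect and the `////foo` example), while `strpos($path, '//') !== FALSE` now matches a run of slashes anywhere in the path. It would help to say which part is security-relevant and which is compatibility, e.g. `// Collapsing every run of slashes keeps the redirect target from ever starting with '//' (open redirect) and also normalizes interior runs as Drupal 7 did.` The wider match also means a path that carries a URL inside a segment (such as `/foo/http://example.org`, a constructed example) is now redirected to a single-slash form, which deserves a line in the docblock or change record in case any route relies on it. The class is still named `RedirectLeadingSlashesSubscriber`, so a short docblock remark that the name is retained (presumably for backward compatibility) would avoid confusion. The body of `redirect()` starts and ends outside this hunk.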
+7 −6
@@ -319,17 +319,18 @@ public function testRouterUninstallInstall() {
  }

  /**
   * Ensure that multiple leading slashes are redirected.
   * Ensure that multiple successive slashes are redirected.
   */
  public function testLeadingSlashes() {
  public function testSuccessiveSlashes() {
    $request = $this->container->get('request_stack')->getCurrentRequest();
    $url = $request->getUriForPath('//router_test/test1');

    // Test a simple path with successive leading slashes.
    $url = $request->getUriForPath('//////router_test/test1');
    $this->drupalGet($url);
    $this->assertSession()->addressEquals($request->getUriForPath('/router_test/test1'));

    // It should not matter how many leading slashes are used and query strings
    // should be preserved.
    $url = $request->getUriForPath('/////////////////////////////////////////////////router_test/test1') . '?qs=test';
    // Test successive slashes in the middle.
    $url = $request->getUriForPath('/router_test//////test1') . '?qs=test';
    $this->drupalGet($url);
    $this->assertSession()->addressEquals($request->getUriForPath('/router_test/test1') . '?qs=test');