authorJohn Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>2020-04-10 08:50:15 +0200
committerJohn Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>2020-04-10 08:58:54 +0200
commit6c49dc2d1f602752831901a4202a87806f7e4732 (patch)
tree205b81a1ddd55d4ce8f72529b40b3a02687b9ff6
parentb68680596d3dfec4a156a1ce3224ea9c1c8f272c (diff)
Fix absolute redirect
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
-rw-r--r--core/Controller/LoginController.php2
-rw-r--r--tests/Core/Controller/LoginControllerTest.php8
2 files changed, 5 insertions, 5 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index b3f7bb310ba..60fd22bd0d1 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -260,7 +260,7 @@ class LoginController extends Controller {
private function generateRedirect(?string $redirectUrl): RedirectResponse {
if ($redirectUrl !== null && $this->userSession->isLoggedIn()) {
- $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
+ $location = $this->urlGenerator->getAbsoluteURL($redirectUrl);
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
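Review bot: The `strpos($location, '@')` guard now inspects `$redirectUrl` exactly as the caller supplied it, so a value that is still percent-encoded reaches `getAbsoluteURL()` and the check without being decoded here. The guard therefore depends on the request layer having decoded the parameter exactly once, which nothing in this hunk states. I would add a comment above the assignment such as `// $redirectUrl is expected to arrive already URL-decoded; do not decode it again, so the @ check below runs on the same string that is used for the redirect`. Because the check is a substring denylist, it is also worth confirming outside this hunk that the host of `$location` is compared with the instance's own host before the redirect is issued. The body of `generateRedirect` continues past the end of the hunk.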
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index 80be53ed26d..e9d4a89aa7d 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -509,7 +509,7 @@ class LoginControllerTest extends TestCase {
->method('getUID')
->willReturn('jane');
$password = 'secret';
- $originalUrl = 'another%20url';
+ $originalUrl = 'another url';
$redirectUrl = 'http://localhost/another url';
$this->request
@@ -551,7 +551,7 @@ class LoginControllerTest extends TestCase {
$this->request,
$user,
$password,
- '%2Fapps%2Fmail'
+ '/apps/mail'
);
$loginResult = LoginResult::success($loginData);
$this->chain->expects($this->once())
@@ -563,11 +563,11 @@ class LoginControllerTest extends TestCase {
->willReturn(true);
$this->urlGenerator->expects($this->once())
->method('getAbsoluteURL')
- ->with(urldecode('/apps/mail'))
+ ->with('/apps/mail')
->willReturn($redirectUrl);
$expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
- $response = $this->loginController->tryLogin($user, $password, '%2Fapps%2Fmail');
+ $response = $this->loginController->tryLogin($user, $password, '/apps/mail');
$this->assertEquals($expected, $response);
}
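Review bot: The updated cases only pin the happy path with an already-decoded value. Nothing in these test hunks asserts that `tryLogin` hands a still-encoded value to `getAbsoluteURL` unchanged, or that a redirect target containing `@` is refused. I would add one case that passes `'%2Fapps%2Fmail'` and expects `->with('%2Fapps%2Fmail')`. If the file has no such case outside the visible hunks, I would add another whose `getAbsoluteURL` stub returns a URL containing `@` and asserts that the response does not redirect to it. The same gap applies to the `$originalUrl = 'another url'` case in the first test hunk. The enclosing test method starts before this hunk.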