ここの情報は古いです。ご理解頂いた上でお取り扱いください。

Changeset 12378


Timestamp:
Jul 24, 2009, 11:23:39 AM (11 years ago)
Author:
ShogoKawahara
Message:

#4160:fixed opValidatorNextUri::doClean() to reject outside url

File:
1 edited

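--- a/OpenPNE3/trunk/lib/validator/opValidatorNextUri.class.php
+++ b/OpenPNE3/trunk/lib/validator/opValidatorNextUri.class.php
@@ -22,5 +22,7 @@
     parent::configure($options, $messages);
     $this->setOption('required', false);
+    $this->setOption('trim', true);
     $this->setOption('empty_value', '@homepage');
+    $this->addOption('logout_uri', 'member/logout');
   }
 
@@ -30,14 +32,36 @@
   protected function doClean($value)
   {
+    $clean = parent::doClean($value);
+
     $routing = sfContext::getInstance()->getRouting();
-    $routeInfo = $routing->findRoute($value);
 
-    if (sfConfig::get('sf_login_module') === $routeInfo['parameters']['module']
-      && sfConfig::get('sf_login_action') === $routeInfo['parameters']['action'])
+    $routeInfo = $routing->findRoute($clean);
+    if ($routeInfo)
     {
-      return '@homepage';
+      $module = $routeInfo['parameters']['module'];
+      $action = $routeInfo['parameters']['action'];
+    }
+    else
+    {
+      return $this->getOption('empty_value');
     }
 
-    return $value;
+    if ($this->getOption('logout_uri'))
+    {
+      $logoutRouteInfo = $routing->findRoute($this->getOption('logout_uri'));
+      $logoutModule = $logoutRouteInfo['parameters']['module'];
+      $logoutAction = $logoutRouteInfo['parameters']['action'];
+      if ($logoutModule === $module &&  $logoutAction === $action)
+      {
+        return $this->getOption('empty_value');
+      }
+    }
+
+    if (sfConfig::get('sf_login_module') === $module && sfConfig::get('sf_login_action') === $action)
+    {
+      return $this->getOption('empty_value');
+    }
+
+    return $clean;
   }
 }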
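Review bot: The result of `$routing->findRoute($this->getOption('logout_uri'))` in doClean() is indexed without the falsy check that `$routeInfo` gets a few lines earlier, so if the configured `logout_uri` matches no route, `$logoutModule` and `$logoutAction` come out as null and the logout filter is skipped silently. Guarding the comparison, e.g. `if ($logoutRouteInfo && $logoutRouteInfo['parameters']['module'] === $module && $logoutRouteInfo['parameters']['action'] === $action)`, keeps a misconfigured option from disabling the check unnoticed. Separately, rejection of outside URLs rests entirely on `findRoute($clean)` returning a falsy value; whether a generic catch-all route in the application's routing could still match a value that carries a scheme or host is not visible from this change, so an explicit test for that before the routing lookup would make the guarantee independent of the routing configuration. A short docblock on doClean() stating that unroutable, login and logout targets all fall back to `empty_value` would document the contract for callers that redirect to the cleaned value.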