[BUGFIX] Allow relative URLs in locationHeaderUrl 32/58732/4
authorSusanne Moog <susanne.moog@typo3.org>
Thu, 25 Oct 2018 20:18:45 +0000 (22:18 +0200)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Sat, 27 Oct 2018 16:06:54 +0000 (18:06 +0200)
Resolves: #81720
Releases: master, 8.7
Change-Id: I099c905bf335a13fafa920c2849fd88971dc0e44
Reviewed-on: https://review.typo3.org/58732
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php

index fbe1de0..c6a5518 100644 (file)
@@ -2632,14 +2632,21 @@ class GeneralUtility
      */
     public static function locationHeaderUrl($path)
     {
-        $uI = parse_url($path);
+        if (strpos($path, '//') === 0) {
+            return $path;
+        }
+
         // relative to HOST
-        if ($path[0] === '/') {
-            $path = self::getIndpEnv('TYPO3_REQUEST_HOST') . $path;
-        } elseif (!$uI['scheme']) {
+        if (strpos($path, '/') === 0) {
+            return self::getIndpEnv('TYPO3_REQUEST_HOST') . $path;
+        }
+
+        $urlComponents = parse_url($path);
+        if (!($urlComponents['scheme'] ?? false)) {
             // No scheme either
-            $path = self::getIndpEnv('TYPO3_REQUEST_DIR') . $path;
+            return self::getIndpEnv('TYPO3_REQUEST_DIR') . $path;
         }
+
         return $path;
     }
 
@@ -2871,7 +2878,7 @@ class GeneralUtility
                         ? ($_SERVER['ORIG_PATH_INFO'] ?: $_SERVER['PATH_INFO'])
                         : ($_SERVER['ORIG_SCRIPT_NAME'] ?: $_SERVER['SCRIPT_NAME']);
                 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
-                if (self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
+                if (self::cmpIP($_SERVER['REMOTE_ADDR'] ?? '', $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] ?? '')) {
                     if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
                         $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
                     } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
@@ -3054,7 +3061,7 @@ class GeneralUtility
                 $retVal = substr(self::getIndpEnv('TYPO3_REQUEST_URL'), strlen(self::getIndpEnv('TYPO3_SITE_URL')));
                 break;
             case 'TYPO3_SSL':
-                $proxySSL = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL']);
+                $proxySSL = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL'] ?? null);
                 if ($proxySSL === '*') {
                     $proxySSL = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'];
                 }
index f9eb826..8de3aca 100644 (file)
@@ -70,7 +70,10 @@ class GeneralUtilityTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
     protected function tearDown()
     {
         GeneralUtility::resetSingletonInstances($this->singletonInstances);
-        ExtensionManagementUtilityAccessibleProxy::setPackageManager($this->backupPackageManager);
+        GeneralUtility::flushInternalRuntimeCaches();
+        if ($this->backupPackageManager) {
+            ExtensionManagementUtilityAccessibleProxy::setPackageManager($this->backupPackageManager);
+        }
         parent::tearDown();
     }
 
@@ -5017,4 +5020,51 @@ class GeneralUtilityTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
 
         $requestFactory->request(Argument::any(), Argument::any(), ['headers' => $expectedHeaders])->shouldHaveBeenCalled();
     }
+
+    public function locationHeaderUrlDataProvider(): array
+    {
+        return [
+            'simple relative path' => [
+                'foo',
+                'foo.bar.test',
+                'http://foo.bar.test/foo'
+            ],
+            'path beginning with slash' => [
+                '/foo',
+                'foo.bar.test',
+                'http://foo.bar.test/foo'
+            ],
+            'path with full domain and https scheme' => [
+                'https://example.com/foo',
+                'foo.bar.test',
+                'https://example.com/foo'
+            ],
+            'path with full domain and http scheme' => [
+                'http://example.com/foo',
+                'foo.bar.test',
+                'http://example.com/foo'
+            ],
+            'path with full domain and relative scheme' => [
+                '//example.com/foo',
+                'foo.bar.test',
+                '//example.com/foo'
+            ],
+        ];
+    }
+
+    /**
+     * @test
+     * @param string $path
+     * @param string $host
+     * @param string $expected
+     * @dataProvider locationHeaderUrlDataProvider
+     * @throws \TYPO3\CMS\Core\Exception
+     */
+    public function locationHeaderUrl($path, $host, $expected)
+    {
+        $_SERVER['HTTP_HOST'] = $host;
+        $_SERVER['SCRIPT_NAME'] = '/index.php';
+        $result = GeneralUtility::locationHeaderUrl($path);
+        self::assertSame($expected, $result);
+    }
 }