
Member "drupal-8.9.10/core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php" (26 Nov 2020, 2092 Bytes) of package /linux/www/drupal-8.9.10.tar.gz:



    1 <?php
    2 
    3 namespace Drupal\Component\HttpFoundation;
    4 
    5 use Symfony\Component\HttpFoundation\RedirectResponse;
    6 
    7 /**
    8  * Provides a common base class for safe redirects.
    9  *
   10  * In case you want to redirect to external URLs use
   11  * TrustedRedirectResponse.
   12  *
   13  * For local URLs we use LocalRedirectResponse which opts
   14  * out of external redirects.
   15  */
   16 abstract class SecuredRedirectResponse extends RedirectResponse {
   17 
   18   /**
   19    * Copies an existing redirect response into a safe one.
   20    *
   21    * The safe one cannot accidentally redirect to an external URL, unless
   22    * actively wanted (see TrustedRedirectResponse).
   23    *
   24    * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
   25    *   The original redirect.
   26    *
   27    * @return static
   28    */
   29   public static function createFromRedirectResponse(RedirectResponse $response) {
   30     $safe_response = new static($response->getTargetUrl(), $response->getStatusCode(), $response->headers->allPreserveCase());
   31     $safe_response->fromResponse($response);
   32     return $safe_response;
   33   }
   34 
   35   /**
   36    * Copies over the values from the given response.
   37    *
   38    * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
   39    *   The redirect response object.
   40    */
   41   protected function fromResponse(RedirectResponse $response) {
   42     $this->setProtocolVersion($response->getProtocolVersion());
   43     if ($response->getCharset()) {
   44       $this->setCharset($response->getCharset());
   45     }
   46     // Cookies are separate from other headers and have to be copied over
   47     // directly.
   48     foreach ($response->headers->getCookies() as $cookie) {
   49       $this->headers->setCookie($cookie);
   50     }
   51   }
   52 
   53   /**
   54    * {@inheritdoc}
   55    */
   56   public function setTargetUrl($url) {
   57     if (!$this->isSafe($url)) {
   58       throw new \InvalidArgumentException(sprintf('It is not safe to redirect to %s', $url));
   59     }
   60     return parent::setTargetUrl($url);
   61   }
   62 
   63   /**
   64    * Returns whether the URL is considered as safe to redirect to.
   65    *
   66    * @param string $url
   67    *   The URL checked for safety.
   68    *
   69    * @return bool
   70    */
   71   abstract protected function isSafe($url);
   72 
   73 }