diff --git a/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php
index f88272c..5a4265e 100644
--- a/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php
@@ -8,7 +8,7 @@
 namespace Drupal\Core\EventSubscriber;
 use Drupal\Component\Utility\UrlHelper;
-use Drupal\Core\Routing\RedirectResponseToExternalUrl;
+use Drupal\Core\Routing\RedirectResponseAllowExternalUrl;
 use Drupal\Core\Routing\RequestContext;
 use Drupal\Core\Routing\UrlGeneratorInterface;
 use InvalidArgumentException;
@@ -100,8 +100,8 @@ public function checkRedirectUrl(FilterResponseEvent $event) {
 // URL is not external. In case this is wanted, check for a custom flag
 // on RedirectResponse.
 $url = $response->getTargetUrl();
- if (UrlHelper::isExternal($url) && !UrlHelper::externalIsLocal($url, $this->requestContext->getCompleteBaseUrl()) && !$response instanceof RedirectResponseToExternalUrl) {
- $this->setBadRequestException($event, 'Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\RedirectResponseToExternalUrl for it');
+ if (!$response instanceof RedirectResponseAllowExternalUrl && UrlHelper::isExternal($url) && !UrlHelper::externalIsLocal($url, $this->requestContext->getCompleteBaseUrl())) {
+ $this->setBadRequestException($event, 'Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\RedirectResponseAllowExternalUrl for it');
 }
 }
 // Potentially thrown by UrlHelper::externalIsLocal().
diff --git a/core/lib/Drupal/Core/Routing/RedirectResponseToExternalUrl.php b/core/lib/Drupal/Core/Routing/RedirectResponseAllowExternalUrl.php
similarity index 51%
rename from core/lib/Drupal/Core/Routing/RedirectResponseToExternalUrl.php
rename to core/lib/Drupal/Core/Routing/RedirectResponseAllowExternalUrl.php
index a18e23f..4bbd94f 100644
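Review bot: Moving the `instanceof` test to the front of the condition in checkRedirectUrl() makes RedirectResponseAllowExternalUrl an unconditional pass: for such a response neither `UrlHelper::isExternal()` nor `UrlHelper::externalIsLocal()` runs, so this subscriber never looks at its target. The comment above the `if` only says to "check for a custom flag"; it should state the consequence, for example `// Opt-in responses are not checked at all; the caller is responsible for the target URL.` Writing the test as `!($response instanceof RedirectResponseAllowExternalUrl)` would also make the operator precedence explicit. The function starts and ends outside this hunk, so whether the target can be influenced by request data before this point cannot be judged from here.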
--- a/core/lib/Drupal/Core/Routing/RedirectResponseToExternalUrl.php
+++ b/core/lib/Drupal/Core/Routing/RedirectResponseAllowExternalUrl.php
@@ -10,10 +10,13 @@
 use \Symfony\Component\HttpFoundation\RedirectResponse;
 /**
- * Overrides the symfony redirect response object to provide more security.
+ * Provides a redirect response which allows to redirect to an external URl.
+ *
+ * By default Drupal disables redirects to external URLs in order to provide
+ * better security.
 *
 * @see \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::checkRedirectUrl
 */
-class RedirectResponseToExternalUrl extends RedirectResponse {
+class RedirectResponseAllowExternalUrl extends RedirectResponse {
 }
diff --git a/core/tests/Drupal/Tests/Core/EventSubscriber/RedirectResponseSubscriberTest.php b/core/tests/Drupal/Tests/Core/EventSubscriber/RedirectResponseSubscriberTest.php
index 57c95cb..3cf896e 100644
--- a/core/tests/Drupal/Tests/Core/EventSubscriber/RedirectResponseSubscriberTest.php
+++ b/core/tests/Drupal/Tests/Core/EventSubscriber/RedirectResponseSubscriberTest.php
@@ -8,7 +8,7 @@
 namespace Drupal\Tests\Core\EventSubscriber;
 use Drupal\Core\EventSubscriber\RedirectResponseSubscriber;
-use Drupal\Core\Routing\RedirectResponseToExternalUrl;
+use Drupal\Core\Routing\RedirectResponseAllowExternalUrl;
 use Drupal\Core\Routing\RequestContext;
 use Drupal\Tests\UnitTestCase;
 use Symfony\Component\EventDispatcher\EventDispatcher;
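Review bot: The new class docblock in RedirectResponseAllowExternalUrl.php explains why external redirects are off by default, but not what a caller takes on by choosing this class, which checkRedirectUrl() exempts from the external-URL check. I would add a line such as ` * The target URL is not validated; do not build it from untrusted input.` so that the opt-in does not quietly become an open redirect. The summary line also has a typo: `URl` should be `URL`.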
@@ -148,7 +148,7 @@ public function testDestinationRedirectToExternalUrl($request, $expected) {
 public function testRedirectWithOptInExternalUrl() {
 $dispatcher = new EventDispatcher();
 $kernel = $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface');
- $response = new RedirectResponseToExternalUrl('http://external-url.com');
+ $response = new RedirectResponseAllowExternalUrl('http://external-url.com');
 $url_generator = $this->getMockBuilder('Drupal\Core\Routing\UrlGenerator')
 ->disableOriginalConstructor()
 ->setMethods(array('generateFromPath'))