wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[CORE][Form] Add facilities for automattically adding a _next field to all forms, which can be customized by the in Form::create and defaults to the current URL. Usage of RedirectedException should mostly be replaced with Form::forceRedirect

Browse Source
This commit is contained in:
Hugo Sales 2022-03-04 15:12:35 +00:00 committed by Diogo Peralta Cordeiro
parent d629976322
commit 6ddc176faf
No known key found for this signature in database
GPG Key ID: 18D2D35001FBFAB0
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Core/Form.php
View File

@ -33,8 +33,10 @@ declare(strict_types = 1);
namespace App\Core;
use App\Core\DB\DB;
use function App\Core\I18n\_m;
use App\Core\Router\Router;
use App\Util\Common;
use App\Util\Exception\ClientException;
use App\Util\Exception\RedirectException;
use App\Util\Exception\ServerException;
use App\Util\Formatting;
@ -45,6 +47,7 @@ use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\Form\FormInterface as SymfFormInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Exception\ResourceNotFoundException;
/**
* This class converts our own form representation to Symfony's
@ -224,11 +227,10 @@ abstract class Form
$next = mb_substr($next, 0, $pos);
}
Router::match($next);
$next = $next . ($fragment ?? '');
return new RedirectResponse(url: $next . ($fragment ?? ''));
} catch (ResourceNotFoundException $e) {
$user = Common::user();
$user_id = \is_null($user) ? $user->getId() : '(not logged in)';
$user_id = !\is_null($user) ? $user->getId() : '(not logged in)';
Log::warning("Suspicious activity: User with ID {$user_id} submitted a form where the `_next` parameter is not a valid local URL ({$next})");
throw new ClientException(_m('Invalid form submission'), $e);
}