lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2026-01-18 19:51:45 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Improving IsLocalUrl

Browse Source
This commit is contained in:
Sebastien Ros
2017-01-24 08:50:12 -08:00
parent 8bd74c947e
commit 68c10bce60
2 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/Orchard.Tests/Utility/Extensions/HttpRequestExtensionsTests.cs
View File

@@ -6,7 +6,7 @@ using Orchard.Utility.Extensions;
namespace Orchard.Tests.Utility.Extensions { namespace Orchard.Tests.Utility.Extensions {
[TestFixture] [TestFixture]
public class HttpRequestExtensionsTests { public class HttpRequestExtensionsTests {
[Test] [Test]
public void IsLocalUrlShouldReturnFalseWhenUrlIsNullOrEmpty() { public void IsLocalUrlShouldReturnFalseWhenUrlIsNullOrEmpty() {
var request = new StubHttpRequest(); var request = new StubHttpRequest();
@@ -21,6 +21,7 @@ namespace Orchard.Tests.Utility.Extensions {
var request = new StubHttpRequest(); var request = new StubHttpRequest();
Assert.That(request.IsLocalUrl("//"), Is.False); Assert.That(request.IsLocalUrl("//"), Is.False);
Assert.That(request.IsLocalUrl(" //"), Is.False);
} }
[Test] [Test]
@@ -28,6 +29,7 @@ namespace Orchard.Tests.Utility.Extensions {
var request = new StubHttpRequest(); var request = new StubHttpRequest();
Assert.That(request.IsLocalUrl("/\\"), Is.False); Assert.That(request.IsLocalUrl("/\\"), Is.False);
Assert.That(request.IsLocalUrl(" /\\"), Is.False);
} }
[Test] [Test]
@@ -35,6 +37,7 @@ namespace Orchard.Tests.Utility.Extensions {
var request = new StubHttpRequest(); var request = new StubHttpRequest();
Assert.That(request.IsLocalUrl("/"), Is.True); Assert.That(request.IsLocalUrl("/"), Is.True);
Assert.That(request.IsLocalUrl("\t/"), Is.True);
Assert.That(request.IsLocalUrl("/контакты"), Is.True); Assert.That(request.IsLocalUrl("/контакты"), Is.True);
Assert.That(request.IsLocalUrl("/ "), Is.True); Assert.That(request.IsLocalUrl("/ "), Is.True);
Assert.That(request.IsLocalUrl("/abc-def"), Is.True); Assert.That(request.IsLocalUrl("/abc-def"), Is.True);
@@ -48,6 +51,19 @@ namespace Orchard.Tests.Utility.Extensions {
Assert.That(request.IsLocalUrl("http://localhost"), Is.True); Assert.That(request.IsLocalUrl("http://localhost"), Is.True);
} }
[Test]
public void IsLocalUrlShouldReturnFalseForNonHttpSchemes() {
var request = new StubHttpRequest();
request.Headers.Add("Host", "localhost");
Assert.That(request.IsLocalUrl("http://localhost"), Is.True);
Assert.That(request.IsLocalUrl("https://localhost"), Is.True);
Assert.That(request.IsLocalUrl("httpx://localhost"), Is.True);
Assert.That(request.IsLocalUrl("foo://localhost"), Is.True);
Assert.That(request.IsLocalUrl("data://localhost"), Is.True);
Assert.That(request.IsLocalUrl("data://localhost"), Is.True);
}
[Test] [Test]
public void IsLocalUrlShouldReturnFalseWhenAuthoritiesDiffer() { public void IsLocalUrlShouldReturnFalseWhenAuthoritiesDiffer() {
var request = new StubHttpRequest(); var request = new StubHttpRequest();

8
src/Orchard/Utility/Extensions/HttpRequestExtensions.cs
View File

@@ -72,6 +72,8 @@ namespace Orchard.Utility.Extensions {
return false; return false;
} }
url = url.Trim();
if (url.StartsWith("~/")) { if (url.StartsWith("~/")) {
return true; return true;
} }
@@ -88,6 +90,12 @@ namespace Orchard.Utility.Extensions {
// at this point, check for an fully qualified url // at this point, check for an fully qualified url
try { try {
var uri = new Uri(url); var uri = new Uri(url);
if (!uri.Scheme.Equals(Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase)
&& !uri.Scheme.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase)) {
return false;
}
if (uri.Authority.Equals(request.Headers["Host"], StringComparison.OrdinalIgnoreCase)) { if (uri.Authority.Equals(request.Headers["Host"], StringComparison.OrdinalIgnoreCase)) {
return true; return true;
} }