lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-07-15 14:54:57 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Improving IsLocalUrl

Browse Source
This commit is contained in:
Sebastien Ros 2017-01-24 08:50:12 -08:00
parent 8bd74c947e
commit 68c10bce60
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/Orchard.Tests/Utility/Extensions/HttpRequestExtensionsTests.cs
View File

@ -21,6 +21,7 @@ namespace Orchard.Tests.Utility.Extensions {
var request = new StubHttpRequest();
Assert.That(request.IsLocalUrl("//"), Is.False);
Assert.That(request.IsLocalUrl(" //"), Is.False);
}
[Test]
@ -28,6 +29,7 @@ namespace Orchard.Tests.Utility.Extensions {
var request = new StubHttpRequest();
Assert.That(request.IsLocalUrl("/\\"), Is.False);
Assert.That(request.IsLocalUrl(" /\\"), Is.False);
}
[Test]
@ -35,6 +37,7 @@ namespace Orchard.Tests.Utility.Extensions {
var request = new StubHttpRequest();
Assert.That(request.IsLocalUrl("/"), Is.True);
Assert.That(request.IsLocalUrl("\t/"), Is.True);
Assert.That(request.IsLocalUrl("/контакты"), Is.True);
Assert.That(request.IsLocalUrl("/ "), Is.True);
Assert.That(request.IsLocalUrl("/abc-def"), Is.True);
@ -48,6 +51,19 @@ namespace Orchard.Tests.Utility.Extensions {
Assert.That(request.IsLocalUrl("http://localhost"), Is.True);
}
[Test]
public void IsLocalUrlShouldReturnFalseForNonHttpSchemes() {
var request = new StubHttpRequest();
request.Headers.Add("Host", "localhost");
Assert.That(request.IsLocalUrl("http://localhost"), Is.True);
Assert.That(request.IsLocalUrl("https://localhost"), Is.True);
Assert.That(request.IsLocalUrl("httpx://localhost"), Is.True);
Assert.That(request.IsLocalUrl("foo://localhost"), Is.True);
Assert.That(request.IsLocalUrl("data://localhost"), Is.True);
Assert.That(request.IsLocalUrl("data://localhost"), Is.True);
}
[Test]
public void IsLocalUrlShouldReturnFalseWhenAuthoritiesDiffer() {
var request = new StubHttpRequest();

8
src/Orchard/Utility/Extensions/HttpRequestExtensions.cs
View File

@ -72,6 +72,8 @@ namespace Orchard.Utility.Extensions {
return false;
}
url = url.Trim();
if (url.StartsWith("~/")) {
return true;
}
@ -88,6 +90,12 @@ namespace Orchard.Utility.Extensions {
// at this point, check for an fully qualified url
try {
var uri = new Uri(url);
if (!uri.Scheme.Equals(Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase)
&& !uri.Scheme.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase)) {
return false;
}
if (uri.Authority.Equals(request.Headers["Host"], StringComparison.OrdinalIgnoreCase)) {
return true;
}