Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

🐛 Fixed infinite redirect when subdirectory equals top level domain (#9621)

Browse source 
closes https://github.com/TryGhost/Ghost/issues/9620

- adjust the `deduplicateSubDir` function's regex to only match duplicate subdirectories when the `url` is only a path rather than full url or the duplicate match starts with a `/`
This commit is contained in:
Kevin Ansfield 2018-05-28 11:18:34 +01:00 committed by Katharina Irrgang
parent 371160eb8f
commit 6c1e5511fc
3 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
core/server/services/url/utils.js
View file

@ -63,9 +63,11 @@ function deduplicateSubDir(url) {
} }
subDir = subDir.replace(/^\/|\/+$/, ''); subDir = subDir.replace(/^\/|\/+$/, '');
subDirRegex = new RegExp(subDir + '\/' + subDir + '\/'); // we can have subdirs that match TLDs so we need to restrict matches to
// duplicates that start with a / or the beginning of the url
subDirRegex = new RegExp('(^|\/)' + subDir + '\/' + subDir + '\/');
return url.replace(subDirRegex, subDir + '/'); return url.replace(subDirRegex, '$1' + subDir + '/');
} }
function getProtectedSlugs() { function getProtectedSlugs() {

2
core/server/web/middleware/url-redirects.js
View file

@ -37,7 +37,7 @@ _private.getAdminRedirectUrl = function getAdminRedirectUrl(options) {
queryParameters = options.queryParameters, queryParameters = options.queryParameters,
secure = options.secure; secure = options.secure;
debug('getAdminRedirectUrl', requestedHost, requestedUrl, adminHostWithProtocol); debug('getAdminRedirectUrl', requestedHost, requestedUrl, adminHostWithoutProtocol, blogHostWithoutProtocol, urlService.utils.urlJoin(blogHostWithoutProtocol, 'ghost/'));
// CASE: we only redirect the admin access if `admin.url` is configured // CASE: we only redirect the admin access if `admin.url` is configured
// If url and admin.url are not equal AND the requested host does not match, redirect. // If url and admin.url are not equal AND the requested host does not match, redirect.

6
core/test/unit/services/url/utils_spec.js
View file

@ -92,6 +92,12 @@ describe('Url', function () {
urlService.utils.urlJoin('my/blog', 'my/blog/about').should.equal('my/blog/about'); urlService.utils.urlJoin('my/blog', 'my/blog/about').should.equal('my/blog/about');
urlService.utils.urlJoin('my/blog/', 'my/blog/about').should.equal('my/blog/about'); urlService.utils.urlJoin('my/blog/', 'my/blog/about').should.equal('my/blog/about');
}); });
it('should handle subdir matching tld', function () {
configUtils.set({url: 'http://ghost.blog/blog'});
urlService.utils.urlJoin('ghost.blog/blog', 'ghost/').should.equal('ghost.blog/blog/ghost/');
urlService.utils.urlJoin('ghost.blog', 'blog', 'ghost/').should.equal('ghost.blog/blog/ghost/');
});
}); });
describe('urlFor', function () { describe('urlFor', function () {