You are here

Home » API reference » Drupal 9 » RedirectLeadingSlashesSubscriber.php » RedirectLeadingSlashesSubscriber

public function RedirectLeadingSlashesSubscriber::redirect in Drupal 9

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/EventSubscriber/RedirectLeadingSlashesSubscriber.php \Drupal\Core\EventSubscriber\RedirectLeadingSlashesSubscriber::redirect()

Redirects paths starting with multiple slashes to a single slash.

Parameters

\Symfony\Component\HttpKernel\Event\RequestEvent $event: The RequestEvent to process.

File

core/lib/Drupal/Core/EventSubscriber/RedirectLeadingSlashesSubscriber.php, line 21

Class

RedirectLeadingSlashesSubscriber
Redirects paths starting with multiple slashes to a single slash.

Namespace

Drupal\Core\EventSubscriber

Code

public function redirect(RequestEvent $event) {
  $request = $event
    ->getRequest();

  // Get the requested path minus the base path.
  $path = $request
    ->getPathInfo();

  // It is impossible to create a link or a route to a path starting with
  // multiple leading slashes. However if a form is added to the 404 page that
  // submits back to the same URI this presents an open redirect
  // vulnerability. Also, Drupal 7 renders the same page for
  // http://www.example.org/foo and http://www.example.org////foo.
  if (strpos($path, '//') === 0) {
    $path = '/' . ltrim($path, '/');
    $qs = $request
      ->getQueryString();
    if ($qs) {
      $qs = '?' . $qs;
    }
    $event
      ->setResponse(new CacheableRedirectResponse($request
      ->getUriForPath($path) . $qs));
  }
}