public function RedirectLeadingSlashesSubscriber::redirect in Drupal 9
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/EventSubscriber/RedirectLeadingSlashesSubscriber.php \Drupal\Core\EventSubscriber\RedirectLeadingSlashesSubscriber::redirect()
Redirects paths starting with multiple slashes to a single slash.
Parameters
\Symfony\Component\HttpKernel\Event\RequestEvent $event: The RequestEvent to process.
File
- core/
lib/ Drupal/ Core/ EventSubscriber/ RedirectLeadingSlashesSubscriber.php, line 21
Class
- RedirectLeadingSlashesSubscriber
- Redirects paths starting with multiple slashes to a single slash.
Namespace
Drupal\Core\EventSubscriberCode
public function redirect(RequestEvent $event) {
$request = $event
->getRequest();
// Get the requested path minus the base path.
$path = $request
->getPathInfo();
// It is impossible to create a link or a route to a path starting with
// multiple leading slashes. However if a form is added to the 404 page that
// submits back to the same URI this presents an open redirect
// vulnerability. Also, Drupal 7 renders the same page for
// http://www.example.org/foo and http://www.example.org////foo.
if (strpos($path, '//') === 0) {
$path = '/' . ltrim($path, '/');
$qs = $request
->getQueryString();
if ($qs) {
$qs = '?' . $qs;
}
$event
->setResponse(new CacheableRedirectResponse($request
->getUriForPath($path) . $qs));
}
}