Difference between revisions of "Redirects to external URLs are not allowed by default"

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Jump to navigation Jump to search
(Created page with "<hide> page type::article thing type::error message returned by::Drupal category:error messages </hide> * '''Full message''': Redirects to external URLs are no...")
 
(code)
Line 8: Line 8:
 
* '''Found in''': Drupal 8.1.3
 
* '''Found in''': Drupal 8.1.3
 
* '''Discussion''': [https://plus.google.com/u/0/102282887764745350285/posts/LRH13xU3UaD Google+]
 
* '''Discussion''': [https://plus.google.com/u/0/102282887764745350285/posts/LRH13xU3UaD Google+]
 +
 +
A patch which solves this problem (probably needs further work/discussion before turning it into a patch) is in two parts:
 +
==Part One==
 +
'''File''': {drupal}/core/lib/Drupal/Core/DrupalKernel.php, function initializeRequestGlobals():
 +
<php>
 +
  protected function initializeRequestGlobals(Request $request) {
 +
    global $base_url;
 +
    // Set and derived from $base_url by this function.
 +
    global /*$base_path,*/ $base_root;
 +
    global $base_secure_url, $base_insecure_url;
 +
    // 2016-07-04 Woozle patch for when the URL doesn't match the filename
 +
    global $base_path_override;
 +
 +
    /* Woozle notes (attempt to document/regularize meaning of globals):
 +
      INPUT:
 +
$base_path_override ([W new] optional): correct /path/ from domain to Drupal
 +
  * Set this if Drupal detects it wrong. (That happens here.)
 +
      INTERNAL ([W mod: was global])
 +
$base_path /path/ from domain to Drupal
 +
  * with trailing slash
 +
  * see NOTE - may be calculated internally or set externally
 +
      OUTPUT:
 +
$base_root: protocol://domain
 +
  * no trailing slash
 +
  * only http and https supported for protocol
 +
$base_url: [$base_root]/path
 +
  * no trailing slash
 +
  * if Drupal installed in root folder, this should be same as $base_root
 +
$base_secure_url https://domain/path
 +
  * calculated from $base_url
 +
  * no trailing slash
 +
$base_insecure_url http://domain/path
 +
  * calculated from $base_url
 +
  * no trailing slash
 +
      NOTE:
 +
* If $base_path_override is set, then:
 +
  * $base_path = $base_path_override
 +
  * $base_url = $base_root + $base_path - [trailing slash]
 +
* If $base_path_override is NOT set, then:
 +
  * The same basic logic applies, but it's more complicated.
 +
    */
 +
 +
    // Create base URL.
 +
    $base_root = $request->getSchemeAndHttpHost();
 +
 +
    if (isset($base_path_override)) {
 +
$base_path  = $base_path_override;
 +
$base_path_slashless = rtrim($base_path,'/');
 +
$base_url = $base_root.$base_path_slashless;
 +
    } else {
 +
// [Wzl - existing code] try to guess the base URL from the script's filename
 +
$base_url = $base_root;
 +
// For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is
 +
// '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'.
 +
if ($dir = rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')) {
 +
  // Remove "core" directory if present, allowing install.php,
 +
  // authorize.php, and others to auto-detect a base path.
 +
  $core_position = strrpos($dir, '/core');
 +
  if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) {
 +
    $base_path = substr($dir, 0, $core_position);
 +
  }
 +
  else {
 +
    $base_path = $dir;
 +
  }
 +
  $base_url .= $base_path;
 +
  $base_path .= '/';
 +
}
 +
else {
 +
  $base_path = '/';
 +
}
 +
$domain_url = $base_url;
 +
    }
 +
    $base_secure_url = str_replace('http://', 'https://', $base_url);
 +
    $base_insecure_url = str_replace('https://', 'http://', $base_url);
 +
  }
 +
</php>
 +
==Part Two==
 +
'''File''': {drupal}/sites/default/settings.php -- add the following:
 +
<php>
 +
global $base_path_override;
 +
$base_path_override = '/';
 +
</php>
 +
 +
(This assumes you have .htaccess configured to put Drupal in http://domain.name/ (root) rather than in some other subfolder. Adjust as necessary.)
 +
 +
This doesn't fix ''all'' the problems, but it does make forms work again. I am working on a forum post to try and fix this issue completely.

Revision as of 01:07, 6 July 2016

  • Full message: Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it.
  • Found in: Drupal 8.1.3
  • Discussion: Google+

A patch which solves this problem (probably needs further work/discussion before turning it into a patch) is in two parts:

Part One

File: {drupal}/core/lib/Drupal/Core/DrupalKernel.php, function initializeRequestGlobals(): <php> 

 protected function initializeRequestGlobals(Request $request) {
   global $base_url;
   // Set and derived from $base_url by this function.
   global /*$base_path,*/ $base_root;
   global $base_secure_url, $base_insecure_url;
   // 2016-07-04 Woozle patch for when the URL doesn't match the filename
   global $base_path_override;

   /* Woozle notes (attempt to document/regularize meaning of globals):
     INPUT:

$base_path_override ([W new] optional): correct /path/ from domain to Drupal * Set this if Drupal detects it wrong. (That happens here.) 

     INTERNAL ([W mod: was global])

$base_path /path/ from domain to Drupal * with trailing slash * see NOTE - may be calculated internally or set externally 

     OUTPUT:

$base_root: protocol://domain * no trailing slash * only http and https supported for protocol $base_url: [$base_root]/path * no trailing slash * if Drupal installed in root folder, this should be same as $base_root $base_secure_url https://domain/path * calculated from $base_url * no trailing slash $base_insecure_url http://domain/path * calculated from $base_url * no trailing slash 

     NOTE:

* If $base_path_override is set, then: * $base_path = $base_path_override * $base_url = $base_root + $base_path - [trailing slash] * If $base_path_override is NOT set, then: * The same basic logic applies, but it's more complicated. 

   */

   // Create base URL.
   $base_root = $request->getSchemeAndHttpHost();

   if (isset($base_path_override)) {

$base_path = $base_path_override; $base_path_slashless = rtrim($base_path,'/'); $base_url = $base_root.$base_path_slashless; 

   } else {

// [Wzl - existing code] try to guess the base URL from the script's filename $base_url = $base_root; // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'. if ($dir = rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')) { // Remove "core" directory if present, allowing install.php, // authorize.php, and others to auto-detect a base path. $core_position = strrpos($dir, '/core'); if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) { $base_path = substr($dir, 0, $core_position); } else { $base_path = $dir; } $base_url .= $base_path; $base_path .= '/'; } else { $base_path = '/'; } $domain_url = $base_url; 

   }
   $base_secure_url = str_replace('http://', 'https://', $base_url);
   $base_insecure_url = str_replace('https://', 'http://', $base_url);
 }

</php>

Part Two

File: {drupal}/sites/default/settings.php -- add the following: <php> global $base_path_override; $base_path_override = '/'; </php>

(This assumes you have .htaccess configured to put Drupal in http://domain.name/ (root) rather than in some other subfolder. Adjust as necessary.)

This doesn't fix all the problems, but it does make forms work again. I am working on a forum post to try and fix this issue completely.

Retrieved from "https://htyp.org/mw/index.php?title=Redirects_to_external_URLs_are_not_allowed_by_default&oldid=21888"