3 namespace Drupal\Core\EventSubscriber;
5 use Drupal\Core\Cache\CacheableRedirectResponse;
6 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
7 use Symfony\Component\HttpKernel\KernelEvents;
8 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
11 * Redirects paths starting with multiple slashes to a single slash.
13 class RedirectLeadingSlashesSubscriber implements EventSubscriberInterface {
16 * Redirects paths starting with multiple slashes to a single slash.
18 * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
19 * The GetResponseEvent to process.
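public function redirect(GetResponseEvent $event) {
  // Collapses a run of leading slashes in the request path into a single
  // slash and answers with a redirect to the normalised URI. A request whose
  // path does not start with '//' is left alone: no response is set.
  $request = $event->getRequest();
  // Requested path minus the base path.
  $path = $request->getPathInfo();

  // No link or route can be created to a path that starts with several
  // slashes. However, if a form on the 404 page submits back to the same URI,
  // such a path presents an open redirect vulnerability: a reference that
  // begins with '//' is read as scheme-relative (RFC 3986 network-path
  // reference), so its first segment is taken as a host. Drupal 7 also
  // renders the same page for http://www.example.org/foo and
  // http://www.example.org////foo.
  if (strpos($path, '//') !== 0) {
    return;
  }

  // ltrim() strips every leading slash, so any run length ends up as one.
  $path = '/' . ltrim($path, '/');

  // getQueryString() returns the query without its leading '?', or NULL when
  // the request has none. Add the separator only when there is something to
  // append; concatenating the bare string would fuse it onto the path.
  $qs = $request->getQueryString();
  $suffix = ($qs !== NULL && $qs !== '') ? '?' . $qs : '';

  // getUriForPath() builds the absolute URI from the request's own scheme and
  // host, so the redirect stays on the host the request was addressed to.
  // NOTE(review): that host is request-derived; this relies on the site
  // validating the Host header elsewhere - confirm.
  $event->setResponse(new CacheableRedirectResponse($request->getUriForPath($path) . $suffix));
}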
44 public static function getSubscribedEvents() {
45 $events[KernelEvents::REQUEST][] = ['redirect', 1000];