X-Git-Url: https://yaffs.net/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Fmodules%2Fsystem%2Fsrc%2FTests%2FRouting%2FRouterTest.php;h=8d7c43e86a883a2b06167a3a9d27dacb615ce771;hb=0bf8d09d2542548982e81a441b1f16e75873a04f;hp=83a9c55b39775589e2eeb1640f1b7eb36644df06;hpb=9917807b03b64faf00f6a1f29dcb6eafc454efa5;p=yaffs-website

diff --git a/web/core/modules/system/src/Tests/Routing/RouterTest.php b/web/core/modules/system/src/Tests/Routing/RouterTest.php
index 83a9c55b3..8d7c43e86 100644
--- a/web/core/modules/system/src/Tests/Routing/RouterTest.php
+++ b/web/core/modules/system/src/Tests/Routing/RouterTest.php
@@ -320,6 +320,13 @@ class RouterTest extends WebTestBase {
     $this->drupalGet($url);
     $this->assertEqual(1, $this->redirectCount, $url . " redirected to " . $this->url);
     $this->assertUrl($request->getUriForPath('/router_test/test1') . '?qs=test');
+
+    // Ensure that external URLs in destination query params are not redirected
+    // to.
+    $url = $request->getUriForPath('/////////////////////////////////////////////////router_test/test1') . '?qs=test&destination=http://www.example.com%5c@drupal8alt.test';
+    $this->drupalGet($url);
+    $this->assertEqual(1, $this->redirectCount, $url . " redirected to " . $this->url);
+    $this->assertUrl($request->getUriForPath('/router_test/test1') . '?qs=test');
   }
 
 }