Infinite recursion protections

Adds sanity checks to prevent unanticipated internal infinite recursions (now throws Exceptions with helpful messages; previously timed out or hit memory limits)
silverstripe · Oct 16, 2023 · 88676bf · 88676bf
1 parent f315bfd
commit 88676bf
Showing 1 changed file with 27 additions and 2 deletions.
diff --git a/src/Controllers/ShareDraftController.php b/src/Controllers/ShareDraftController.php
@@ -52,6 +52,11 @@ class ShareDraftController extends Controller
      */
     protected static $isViewingPreview = false;
 
+    /**
+     * @var array
+     */
+    private $redirectRecursionIterations = [];
+
     /**
      * @return bool
      */
@@ -172,8 +177,8 @@ private function getRenderedPageByURL(string $url): HTTPResponse
         $variables['_SERVER']['HTTP_USER_AGENT'] =
             isset($variables['_SERVER']['HTTP_USER_AGENT']) &&
             $variables['_SERVER']['HTTP_USER_AGENT']
-            ? $variables['_SERVER']['HTTP_USER_AGENT']
-            : 'CLI';
+                ? $variables['_SERVER']['HTTP_USER_AGENT']
+                : 'CLI';
 
         Environment::setVariables($variables);
 
@@ -183,6 +188,15 @@ private function getRenderedPageByURL(string $url): HTTPResponse
         $response = Director::singleton()->handleRequest($pageRequest);
 
         if ($response->isRedirect()) {
+            if (in_array($url, $this->redirectRecursionIterations)) {
+                throw new \Exception("Infinite recursion detected.".$this->getRedirectRecursionIterationsLog($url));
+            }
+
+            $this->redirectRecursionIterations[] = $url;
+            if (count($this->redirectRecursionIterations) >= 30) {
+                throw new \Exception("Max redirect recursions reached.".$this->getRedirectRecursionIterationsLog());
+            }
+
             // The redirect will probably be Absolute URL so just want the path
             $newUrl = parse_url($response->getHeader('location') ?? '', PHP_URL_PATH);
 
@@ -192,6 +206,17 @@ private function getRenderedPageByURL(string $url): HTTPResponse
         return $response;
     }
 
+    /**
+     * @param string $append_url
+     * @return string
+     */
+    protected function getRedirectRecursionIterationsLog(string $append_url=''): string
+    {
+        return "\n\nRedirected URLs stack: \n"
+            . implode("\n", $this->redirectRecursionIterations)
+            . ($append_url ? "\n$append_url" : '');
+    }
+
     /**
      * @return DBHTMLText
      */