diegods/homelabdspbx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[login] fix url redirection (#6325)

Browse Source 
* prevent open redirection attack
This commit is contained in:
agree
2022-03-10 22:10:16 -05:00
committed by GitHub
parent df1bed913c
commit 81666dd882
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
resources/check_auth.php
+11 -1
View File
@@ -297,7 +297,17 @@
//if logged in, redirect to login destination //if logged in, redirect to login destination
if (!isset($_REQUEST["key"])) { if (!isset($_REQUEST["key"])) {
if (isset($_SESSION['login']['destination']['url'])) { if (isset($_SESSION['redirect_path'])) {
$redirect_path = $_SESSION['redirect_path'];
unset($_SESSION['redirect_path']);
// prevent open redirect attacks. redirect url shouldn't contain a hostname
$parsed_url = parse_url($redirect_path);
if ($parsed_url['host']) {
die("Was someone trying to hack you?");
}
header("Location: ".$redirect_path);
}
elseif (isset($_SESSION['login']['destination']['url'])) {
header("Location: ".$_SESSION['login']['destination']['url']); header("Location: ".$_SESSION['login']['destination']['url']);
} elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) { } elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) {
header("Location: ".PROJECT_PATH."/core/dashboard/"); header("Location: ".PROJECT_PATH."/core/dashboard/");
resources/login.php
+4
View File
@@ -254,6 +254,10 @@
$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/dashboard/"; $_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/dashboard/";
} }
if (strlen($_REQUEST['path']) > 0) {
$_SESSION['redirect_path'] = $_REQUEST['path'];
}
//add the header //add the header
$document['title'] = $text['title-login']; $document['title'] = $text['title-login'];
include "resources/header.php"; include "resources/header.php";