mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
[SS-2016-001] FIX Properly check backurl on CMSSecurity@success
This commit is contained in:
parent
1f820b0b1c
commit
1ccd3926e3
@ -186,9 +186,16 @@ PHP
|
||||
|
||||
// Get redirect url
|
||||
$controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success'));
|
||||
$backURL = $this->request->requestVar('BackURL')
|
||||
?: Session::get('BackURL')
|
||||
?: Director::absoluteURL(AdminRootController::config()->url_base, true);
|
||||
$backURLs = array(
|
||||
$this->getRequest()->requestVar('BackURL'),
|
||||
Session::get('BackURL'),
|
||||
Director::absoluteURL(AdminRootController::config()->url_base, true),
|
||||
);
|
||||
foreach ($backURLs as $backURL) {
|
||||
if ($backURL && Director::is_site_url($backURL)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Show login
|
||||
$controller = $controller->customise(array(
|
||||
|
Loading…
Reference in New Issue
Block a user