[SS-2016-001] FIX Properly check backurl on CMSSecurity@success

Daniel Hensby 2016-04-18 22:02:35 +01:00
parent 1f820b0b1c
commit 1ccd3926e3
No known key found for this signature in database
GPG Key ID: E38EC566FE29EB66


@ -186,9 +186,16 @@ PHP
// Get redirect url // Get redirect url
$controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success')); $controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success'));
$backURL = $this->request->requestVar('BackURL') $backURLs = array(
?: Session::get('BackURL') $this->getRequest()->requestVar('BackURL'),
?: Director::absoluteURL(AdminRootController::config()->url_base, true); Session::get('BackURL'),
Director::absoluteURL(AdminRootController::config()->url_base, true),
);
foreach ($backURLs as $backURL) {
if ($backURL && Director::is_site_url($backURL)) {
break;
}
}
// Show login // Show login
$controller = $controller->customise(array( $controller = $controller->customise(array(
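Review bot: The `foreach` over `$backURLs` only yields a safe value on fall-through because the admin base URL happens to be the last element: if neither the request nor the session value passes `Director::is_site_url()`, `$backURL` is simply whatever the loop left behind. Making the trusted default explicit, and assigning a candidate only after it validates, keeps the open-redirect guard intact if the list is later reordered or extended. A regression test that supplies an off-site `BackURL` and asserts the response falls back to the admin base URL would pin this behaviour. How `$backURL` is consumed is outside this hunk, as are the start and end of the enclosing method.

```php
// Trusted default; replaced only by a candidate that passes the site-URL check
$backURL = Director::absoluteURL(AdminRootController::config()->url_base, true);
$candidates = array(
    $this->getRequest()->requestVar('BackURL'),
    Session::get('BackURL'),
);
foreach ($candidates as $candidate) {
    if ($candidate && Director::is_site_url($candidate)) {
        $backURL = $candidate;
        break;
    }
}
// … unchanged: "Show login" customise() call …
```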