mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
[SS-2016-001] FIX Properly check backurl on CMSSecurity@success
This commit is contained in:
parent
1f820b0b1c
commit
1ccd3926e3
@ -186,9 +186,16 @@ PHP
|
|||||||
|
|
||||||
// Get redirect url
|
// Get redirect url
|
||||||
$controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success'));
|
$controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success'));
|
||||||
$backURL = $this->request->requestVar('BackURL')
|
$backURLs = array(
|
||||||
?: Session::get('BackURL')
|
$this->getRequest()->requestVar('BackURL'),
|
||||||
?: Director::absoluteURL(AdminRootController::config()->url_base, true);
|
Session::get('BackURL'),
|
||||||
|
Director::absoluteURL(AdminRootController::config()->url_base, true),
|
||||||
|
);
|
||||||
|
foreach ($backURLs as $backURL) {
|
||||||
|
if ($backURL && Director::is_site_url($backURL)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Show login
|
// Show login
|
||||||
$controller = $controller->customise(array(
|
$controller = $controller->customise(array(
|
||||||
|
Loading…
Reference in New Issue
Block a user