[ss-2015-015]: Fix insecure returnURL in DatabaseAdmin

Damian Mooyman 2015-09-08 09:46:57 +12:00
parent 92f9af1984
commit 7192932022


@ -90,17 +90,37 @@ class DatabaseAdmin extends Controller {
// Get all our classes // Get all our classes
SS_ClassLoader::instance()->getManifest()->regenerate(); SS_ClassLoader::instance()->getManifest()->regenerate();
if(isset($_GET['returnURL'])) { $url = $this->getReturnURL();
if($url) {
echo "<p>Setting up the database; you will be returned to your site shortly....</p>"; echo "<p>Setting up the database; you will be returned to your site shortly....</p>";
$this->doBuild(true); $this->doBuild(true);
echo "<p>Done!</p>"; echo "<p>Done!</p>";
$this->redirect($_GET['returnURL']); $this->redirect($url);
} else { } else {
$this->doBuild(isset($_REQUEST['quiet']) || isset($_REQUEST['from_installer']), $quiet = $this->request->requestVar('quiet') !== null;
!isset($_REQUEST['dont_populate'])); $fromInstaller = $this->request->requestVar('from_installer') !== null;
$populate = $this->request->requestVar('dont_populate') === null;
$this->doBuild($quiet || $fromInstaller, $populate);
} }
} }
/**
* Gets the url to return to after build
*
* @return string|null
*/
protected function getReturnURL() {
$url = $this->request->getVar('returnURL');
// Check that this url is a site url
if(empty($url) || !Director::is_site_url($url)) {
return null;
}
// Convert to absolute URL
return Director::absoluteURL($url, true);
}
/** /**
* Check if database needs to be built, and build it if it does. * Check if database needs to be built, and build it if it does.
*/ */