mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #85 from stojg/release/security-spoofing-attack
MINOR Redirect user to homepage if the BackURL have been set to another site
This commit is contained in:
commit
95b6490ffa
@ -30,7 +30,12 @@ class MemberAuthenticator extends Authenticator {
|
|||||||
* @see Security::setDefaultAdmin()
|
* @see Security::setDefaultAdmin()
|
||||||
*/
|
*/
|
||||||
public static function authenticate($RAW_data, Form $form = null) {
|
public static function authenticate($RAW_data, Form $form = null) {
|
||||||
$SQL_user = Convert::raw2sql($RAW_data['Email']);
|
if(array_key_exists('Email', $RAW_data) && $RAW_data['Email']){
|
||||||
|
$SQL_user = Convert::raw2sql($RAW_data['Email']);
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$isLockedOut = false;
|
$isLockedOut = false;
|
||||||
$result = null;
|
$result = null;
|
||||||
|
|
||||||
|
@ -123,48 +123,12 @@ JS
|
|||||||
*/
|
*/
|
||||||
public function dologin($data) {
|
public function dologin($data) {
|
||||||
if($this->performLogin($data)) {
|
if($this->performLogin($data)) {
|
||||||
Session::clear('SessionForms.MemberLoginForm.Email');
|
$this->logInUserAndRedirect($data);
|
||||||
Session::clear('SessionForms.MemberLoginForm.Remember');
|
|
||||||
if(Member::currentUser()->isPasswordExpired()) {
|
|
||||||
if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
|
|
||||||
Session::set('BackURL', $backURL);
|
|
||||||
}
|
|
||||||
|
|
||||||
$cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
|
|
||||||
$cp->sessionMessage('Your password has expired. Please choose a new one.', 'good');
|
|
||||||
|
|
||||||
Director::redirect('Security/changepassword');
|
|
||||||
} elseif(
|
|
||||||
isset($_REQUEST['BackURL'])
|
|
||||||
&& $_REQUEST['BackURL']
|
|
||||||
// absolute redirection URLs may cause spoofing
|
|
||||||
&& Director::is_site_url($_REQUEST['BackURL'])
|
|
||||||
) {
|
|
||||||
Director::redirect($_REQUEST['BackURL']);
|
|
||||||
} elseif (Security::default_login_dest()) {
|
|
||||||
Director::redirect(Director::absoluteBaseURL() . Security::default_login_dest());
|
|
||||||
} else {
|
|
||||||
$member = Member::currentUser();
|
|
||||||
if($member) {
|
|
||||||
$firstname = Convert::raw2xml($member->FirstName);
|
|
||||||
|
|
||||||
if(!empty($data['Remember'])) {
|
|
||||||
Session::set('SessionForms.MemberLoginForm.Remember', '1');
|
|
||||||
$member->logIn(true);
|
|
||||||
} else {
|
|
||||||
$member->logIn();
|
|
||||||
}
|
|
||||||
|
|
||||||
Session::set('Security.Message.message',
|
|
||||||
sprintf(_t('Member.WELCOMEBACK', "Welcome Back, %s"), $firstname)
|
|
||||||
);
|
|
||||||
Session::set("Security.Message.type", "good");
|
|
||||||
}
|
|
||||||
Director::redirectBack();
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
Session::set('SessionForms.MemberLoginForm.Email', $data['Email']);
|
if(array_key_exists('Email', $data)){
|
||||||
Session::set('SessionForms.MemberLoginForm.Remember', isset($data['Remember']));
|
Session::set('SessionForms.MemberLoginForm.Email', $data['Email']);
|
||||||
|
Session::set('SessionForms.MemberLoginForm.Remember', isset($data['Remember']));
|
||||||
|
}
|
||||||
|
|
||||||
if(isset($_REQUEST['BackURL'])) $backURL = $_REQUEST['BackURL'];
|
if(isset($_REQUEST['BackURL'])) $backURL = $_REQUEST['BackURL'];
|
||||||
else $backURL = null;
|
else $backURL = null;
|
||||||
@ -182,6 +146,72 @@ JS
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Login in the user and figure out where to redirect the browser.
|
||||||
|
*
|
||||||
|
* The $data has this format
|
||||||
|
* array(
|
||||||
|
* 'AuthenticationMethod' => 'MemberAuthenticator',
|
||||||
|
* 'Email' => 'sam@silverstripe.com',
|
||||||
|
* 'Password' => '1nitialPassword',
|
||||||
|
* 'BackURL' => 'test/link',
|
||||||
|
* [Optional: 'Remember' => 1 ]
|
||||||
|
* )
|
||||||
|
*
|
||||||
|
* @param array $data
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
protected function logInUserAndRedirect($data) {
|
||||||
|
Session::clear('SessionForms.MemberLoginForm.Email');
|
||||||
|
Session::clear('SessionForms.MemberLoginForm.Remember');
|
||||||
|
|
||||||
|
if(Member::currentUser()->isPasswordExpired()) {
|
||||||
|
if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
|
||||||
|
Session::set('BackURL', $backURL);
|
||||||
|
}
|
||||||
|
$cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
|
||||||
|
$cp->sessionMessage('Your password has expired. Please choose a new one.', 'good');
|
||||||
|
Director::redirect('Security/changepassword');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Absolute redirection URLs may cause spoofing
|
||||||
|
if(isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] && Director::is_site_url($_REQUEST['BackURL']) ) {
|
||||||
|
Director::redirect($_REQUEST['BackURL']);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Spoofing attack, redirect to homepage instead of spoofing url
|
||||||
|
if(isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] && !Director::is_site_url($_REQUEST['BackURL'])) {
|
||||||
|
Director::redirect(Director::absoluteBaseURL());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// If a default login dest has been set, redirect to that.
|
||||||
|
if (Security::default_login_dest()) {
|
||||||
|
Director::redirect(Director::absoluteBaseURL() . Security::default_login_dest());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Redirect the user to the page where he came from
|
||||||
|
$member = Member::currentUser();
|
||||||
|
if($member) {
|
||||||
|
$firstname = Convert::raw2xml($member->FirstName);
|
||||||
|
if(!empty($data['Remember'])) {
|
||||||
|
Session::set('SessionForms.MemberLoginForm.Remember', '1');
|
||||||
|
$member->logIn(true);
|
||||||
|
} else {
|
||||||
|
$member->logIn();
|
||||||
|
}
|
||||||
|
|
||||||
|
Session::set('Security.Message.message',
|
||||||
|
sprintf(_t('Member.WELCOMEBACK', "Welcome Back, %s"), $firstname)
|
||||||
|
);
|
||||||
|
Session::set("Security.Message.type", "good");
|
||||||
|
}
|
||||||
|
Controller::curr()->redirectBack();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Log out form handler method
|
* Log out form handler method
|
||||||
|
Loading…
Reference in New Issue
Block a user