Merge pull request #85 from stojg/release/security-spoofing-attack
MINOR Redirect user to homepage if the BackURL has been set to another site
commit
95b6490ffa
@ -30,7 +30,12 @@ class MemberAuthenticator extends Authenticator {
|
||||
* @see Security::setDefaultAdmin()
|
||||
*/
|
||||
public static function authenticate($RAW_data, Form $form = null) {
|
||||
if(array_key_exists('Email', $RAW_data) && $RAW_data['Email']){
|
||||
$SQL_user = Convert::raw2sql($RAW_data['Email']);
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
$isLockedOut = false;
|
||||
$result = null;
|
||||
|
||||
|
@ -123,48 +123,12 @@ JS
|
||||
*/
|
||||
public function dologin($data) {
|
||||
if($this->performLogin($data)) {
|
||||
Session::clear('SessionForms.MemberLoginForm.Email');
|
||||
Session::clear('SessionForms.MemberLoginForm.Remember');
|
||||
if(Member::currentUser()->isPasswordExpired()) {
|
||||
if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
|
||||
Session::set('BackURL', $backURL);
|
||||
}
|
||||
|
||||
$cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
|
||||
$cp->sessionMessage('Your password has expired. Please choose a new one.', 'good');
|
||||
|
||||
Director::redirect('Security/changepassword');
|
||||
} elseif(
|
||||
isset($_REQUEST['BackURL'])
|
||||
&& $_REQUEST['BackURL']
|
||||
// absolute redirection URLs may cause spoofing
|
||||
&& Director::is_site_url($_REQUEST['BackURL'])
|
||||
) {
|
||||
Director::redirect($_REQUEST['BackURL']);
|
||||
} elseif (Security::default_login_dest()) {
|
||||
Director::redirect(Director::absoluteBaseURL() . Security::default_login_dest());
|
||||
} else {
|
||||
$member = Member::currentUser();
|
||||
if($member) {
|
||||
$firstname = Convert::raw2xml($member->FirstName);
|
||||
|
||||
if(!empty($data['Remember'])) {
|
||||
Session::set('SessionForms.MemberLoginForm.Remember', '1');
|
||||
$member->logIn(true);
|
||||
} else {
|
||||
$member->logIn();
|
||||
}
|
||||
|
||||
Session::set('Security.Message.message',
|
||||
sprintf(_t('Member.WELCOMEBACK', "Welcome Back, %s"), $firstname)
|
||||
);
|
||||
Session::set("Security.Message.type", "good");
|
||||
}
|
||||
Director::redirectBack();
|
||||
}
|
||||
$this->logInUserAndRedirect($data);
|
||||
} else {
|
||||
if(array_key_exists('Email', $data)){
|
||||
Session::set('SessionForms.MemberLoginForm.Email', $data['Email']);
|
||||
Session::set('SessionForms.MemberLoginForm.Remember', isset($data['Remember']));
|
||||
}
|
||||
|
||||
if(isset($_REQUEST['BackURL'])) $backURL = $_REQUEST['BackURL'];
|
||||
else $backURL = null;
|
||||
@ -182,6 +146,72 @@ JS
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Login in the user and figure out where to redirect the browser.
|
||||
*
|
||||
* The $data has this format
|
||||
* array(
|
||||
* 'AuthenticationMethod' => 'MemberAuthenticator',
|
||||
* 'Email' => 'sam@silverstripe.com',
|
||||
* 'Password' => '1nitialPassword',
|
||||
* 'BackURL' => 'test/link',
|
||||
* [Optional: 'Remember' => 1 ]
|
||||
* )
|
||||
*
|
||||
* @param array $data
|
||||
* @return void
|
||||
*/
|
||||
protected function logInUserAndRedirect($data) {
|
||||
Session::clear('SessionForms.MemberLoginForm.Email');
|
||||
Session::clear('SessionForms.MemberLoginForm.Remember');
|
||||
|
||||
if(Member::currentUser()->isPasswordExpired()) {
|
||||
if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
|
||||
Session::set('BackURL', $backURL);
|
||||
}
|
||||
$cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
|
||||
$cp->sessionMessage('Your password has expired. Please choose a new one.', 'good');
|
||||
Director::redirect('Security/changepassword');
|
||||
return;
|
||||
}
|
||||
|
||||
// Absolute redirection URLs may cause spoofing
|
||||
if(isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] && Director::is_site_url($_REQUEST['BackURL']) ) {
|
||||
Director::redirect($_REQUEST['BackURL']);
|
||||
return;
|
||||
}
|
||||
|
||||
// Spoofing attack, redirect to homepage instead of spoofing url
|
||||
if(isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] && !Director::is_site_url($_REQUEST['BackURL'])) {
|
||||
Director::redirect(Director::absoluteBaseURL());
|
||||
return;
|
||||
}
|
||||
|
||||
// If a default login dest has been set, redirect to that.
|
||||
if (Security::default_login_dest()) {
|
||||
Director::redirect(Director::absoluteBaseURL() . Security::default_login_dest());
|
||||
return;
|
||||
}
|
||||
|
||||
// Redirect the user to the page where he came from
|
||||
$member = Member::currentUser();
|
||||
if($member) {
|
||||
$firstname = Convert::raw2xml($member->FirstName);
|
||||
if(!empty($data['Remember'])) {
|
||||
Session::set('SessionForms.MemberLoginForm.Remember', '1');
|
||||
$member->logIn(true);
|
||||
} else {
|
||||
$member->logIn();
|
||||
}
|
||||
|
||||
Session::set('Security.Message.message',
|
||||
sprintf(_t('Member.WELCOMEBACK', "Welcome Back, %s"), $firstname)
|
||||
);
|
||||
Session::set("Security.Message.type", "good");
|
||||
}
|
||||
Controller::curr()->redirectBack();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Log out form handler method
|
||||
|
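Review bot: The password-expired branch near the top of logInUserAndRedirect stores `$_REQUEST['BackURL']` into the session (`Session::set('BackURL', $backURL)`) before the `Director::is_site_url()` check that this commit adds further down, so an off-site BackURL survives in the session on that path; the consumer of that session key is not visible here, but if the change-password flow later redirects to it the spoofing protection is bypassed. Reading the request value once and validating it up front covers both paths and removes the three repeated `isset($_REQUEST['BackURL']) && $_REQUEST['BackURL']` tests. Separately, `Member::currentUser()->isPasswordExpired()` dereferences the result unconditionally while the same function later guards with `if($member)`; fetching `$member` once and testing `$member && $member->isPasswordExpired()` keeps the two consistent. The docblock also describes BackURL as part of `$data`, yet the code reads `$_REQUEST`; worth either documenting that or reading `$data['BackURL']`.

```php
protected function logInUserAndRedirect($data) {
    Session::clear('SessionForms.MemberLoginForm.Email');
    Session::clear('SessionForms.MemberLoginForm.Remember');

    // Read BackURL once; absolute/off-site URLs may cause spoofing, so only
    // a site-local URL is ever used as a redirect target
    $backURL = (isset($_REQUEST['BackURL']) && $_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : null;
    $backURLIsSafe = $backURL && Director::is_site_url($backURL);

    $member = Member::currentUser();
    if($member && $member->isPasswordExpired()) {
        if($backURLIsSafe) {
            Session::set('BackURL', $backURL);
        }
        // … unchanged: ChangePasswordForm session message and redirect …
        return;
    }

    if($backURLIsSafe) {
        Director::redirect($backURL);
        return;
    }

    // Off-site BackURL: redirect to the homepage instead of the spoofing url
    if($backURL) {
        Director::redirect(Director::absoluteBaseURL());
        return;
    }

    // … unchanged: default_login_dest, welcome message, redirectBack …
}
```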