From a1dc52719c0f7cb2ceecb759735fd036ee9a306f Mon Sep 17 00:00:00 2001 From: Mateusz Uzdowski Date: Wed, 21 Apr 2010 03:10:20 +0000 Subject: [PATCH] ENHANCEMENT: allow ChangePasswordForm to redirect to BackURL (from #5420) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103229 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- security/ChangePasswordForm.php | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/security/ChangePasswordForm.php b/security/ChangePasswordForm.php index eaecdfdae..f15e74425 100755 --- a/security/ChangePasswordForm.php +++ b/security/ChangePasswordForm.php @@ -20,6 +20,12 @@ class ChangePasswordForm extends Form { * form - a {@link FieldSet} of */ function __construct($controller, $name, $fields = null, $actions = null) { + if(isset($_REQUEST['BackURL'])) { + $backURL = $_REQUEST['BackURL']; + } else { + $backURL = Session::get('BackURL'); + } + if(!$fields) { $fields = new FieldSet(); if(Member::currentUser() && (!isset($_REQUEST['h']) || !Member::member_from_autologinhash($_REQUEST['h']))) { @@ -35,6 +41,10 @@ class ChangePasswordForm extends Form { ); } + if(isset($backURL)) { + $fields->push(new HiddenField('BackURL', 'BackURL', $backURL)); + } + parent::__construct($controller, $name, $fields, $actions); } 
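Review bot: In the constructor hunk, `$backURL` is taken from `$_REQUEST['BackURL']` or the session without any validation and, in the second hunk of this file, pushed into a `HiddenField` that the submit handler later reads back, so an off-site value is carried through the rendered form until the handler's `Director::is_site_url` check finally rejects it. Applying the same check where the value is captured keeps the two places consistent and never echoes an unchecked URL into the form: `if(isset($backURL) && Director::is_site_url($backURL)) {` on the push. Whether `HiddenField` attribute-escapes its value when rendering is decided outside this diff and is worth confirming. The constructor body continues between the first and second hunks and is only partly visible here.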
@@ -88,9 +98,19 @@ class ChangePasswordForm extends Form {
 _t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."),
 "good");
 Session::clear('AutoLoginHash');
- $redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
- Director::redirect($redirectURL);
-
+
+ if (isset($_REQUEST['BackURL'])
+ && $_REQUEST['BackURL']
+ // absolute redirection URLs may cause spoofing
+ && Director::is_site_url($_REQUEST['BackURL'])
+ ) {
+ Director::redirect($_REQUEST['BackURL']);
+ }
+ else {
+ // Redirect to default location - the login form saying "You are logged in as..."
+ $redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
+ Director::redirect($redirectURL);
+ }
 } else {
 $this->clearMessage();
 $this->sessionMessage(
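Review bot: The new redirect branch relies entirely on `Director::is_site_url()` to rule out off-site targets; whether that helper also rejects protocol-relative (`//host/...`) and scheme-less forms is decided outside this hunk and should be confirmed, since host comparison is the usual gap in such checks. The truthiness test `&& $_REQUEST['BackURL']` treats the string `'0'` as absent, which is harmless here but `&& $_REQUEST['BackURL'] !== ''` states the intent more precisely. Stylistically the two `Director::redirect` calls could collapse into one: assign `$redirectURL` in both branches and call `Director::redirect($redirectURL);` once after the if/else. The enclosing method begins before this hunk.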