tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

BUGFIX Checking for Director::is_site_url() before redirecting in Controller->redirectBack() and MemberLoginForm

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73252 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2009-03-17 22:24:50 +00:00
parent ad3d9ae29a
commit a96ca0eacc
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/control/Controller.php
View File

@ -480,7 +480,13 @@ class Controller extends RequestHandler {
$url = Director::baseURL(); $url = Director::baseURL();
} }
$this->redirect($url); // absolute redirection URLs not located on this site may cause phishing
if(Director::is_site_url($url)) {
return $this->redirect($url);
} else {
return false;
}
} }
/** /**

6
security/MemberLoginForm.php
View File

@ -126,12 +126,8 @@ JS
} elseif( } elseif(
isset($_REQUEST['BackURL']) isset($_REQUEST['BackURL'])
&& $_REQUEST['BackURL'] && $_REQUEST['BackURL']
&& (
// absolute redirection URLs may cause spoofing // absolute redirection URLs may cause spoofing
!Director::is_absolute_url($_REQUEST['BackURL']) && Director::is_site_url($_REQUEST['BackURL'])
// absolute URLs on the current domain are allowed
|| strpos($_REQUEST['BackURL'], Director::absoluteBaseURL()) !== FALSE
)
) { ) {
Director::redirect($_REQUEST['BackURL']); Director::redirect($_REQUEST['BackURL']);
} else { } else {