mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

make redirect safe by restricting it to current host

This commit is contained in:
Michiel de Jong 2012-05-18 15:32:41 +02:00
parent 9b5e8a2c63
commit 1a874b4c56
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
index.php
View File

@ -117,6 +117,6 @@ elseif(OC_User::isLoggedIn()) {
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999); $sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken; $_SESSION['sectoken']=$sectoken;
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $_SERVER['REQUEST_URI'])); OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => substr($_SERVER['REQUEST_URI'], 1)));
} }
} }

2
lib/util.php
View File

@ -312,7 +312,7 @@ class OC_Util {
*/ */
public static function redirectToDefaultPage(){ public static function redirectToDefaultPage(){
if(isset($_REQUEST['redirect_url'])) { if(isset($_REQUEST['redirect_url'])) {
header( 'Location: '.$_REQUEST['redirect_url']); header( 'Location: /'.$_REQUEST['redirect_url']);
} else { } else {
header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files')); header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
} }