From 90cbc32c77bb213bb9064645bdbd69ce7791f6c7 Mon Sep 17 00:00:00 2001 From: Michael Gapczynski Date: Fri, 18 May 2012 16:56:15 -0400 Subject: [PATCH] Fix redirect after login, prevent open redirects --- index.php | 3 ++- lib/util.php | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/index.php b/index.php index 94b9def0b4..690fc90e75 100644 --- a/index.php +++ b/index.php @@ -117,6 +117,7 @@ elseif(OC_User::isLoggedIn()) { if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ $sectoken=rand(1000000,9999999); $_SESSION['sectoken']=$sectoken; - OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => substr($_SERVER['REQUEST_URI'], 1))); + $redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI']; + OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url)); } } diff --git a/lib/util.php b/lib/util.php index 0e5f3a7362..d8f440c1d2 100644 --- a/lib/util.php +++ b/lib/util.php @@ -311,8 +311,8 @@ class OC_Util { * Redirect to the user default page */ public static function redirectToDefaultPage(){ - if(isset($_REQUEST['redirect_url'])) { - header( 'Location: /'.htmlentities($_REQUEST['redirect_url'])); + if(isset($_REQUEST['redirect_url']) && substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT) { + header( 'Location: '.$_REQUEST['redirect_url']); } else { header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files')); }