mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix redirect after login, prevent open redirects

This commit is contained in:
Michael Gapczynski 2012-05-18 16:56:15 -04:00
parent e03b5ff665
commit 90cbc32c77
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
index.php
View File

@ -117,6 +117,7 @@ elseif(OC_User::isLoggedIn()) {
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken;
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => substr($_SERVER['REQUEST_URI'], 1)));
$redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
}
}

4
lib/util.php
View File

@ -311,8 +311,8 @@ class OC_Util {
* Redirect to the user default page
*/
public static function redirectToDefaultPage(){
if(isset($_REQUEST['redirect_url'])) {
header( 'Location: /'.htmlentities($_REQUEST['redirect_url']));
if(isset($_REQUEST['redirect_url']) && substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT) {
header( 'Location: '.$_REQUEST['redirect_url']);
} else {
header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
}