[login] fix url redirection (#6325)

* prevent open redirection attack
agree
2022-03-10 22:10:16 -05:00
committed by GitHub
parent df1bed913c
commit 81666dd882
2 changed files with 15 additions and 1 deletions


@@ -297,7 +297,17 @@
//if logged in, redirect to login destination
if (!isset($_REQUEST["key"])) {
if (isset($_SESSION['login']['destination']['url'])) {
if (isset($_SESSION['redirect_path'])) {
$redirect_path = $_SESSION['redirect_path'];
unset($_SESSION['redirect_path']);
// prevent open redirect attacks. redirect url shouldn't contain a hostname
$parsed_url = parse_url($redirect_path);
if ($parsed_url['host']) {
die("Was someone trying to hack you?");
}
header("Location: ".$redirect_path);
}
elseif (isset($_SESSION['login']['destination']['url'])) {
header("Location: ".$_SESSION['login']['destination']['url']);
} elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) {
header("Location: ".PROJECT_PATH."/core/dashboard/");

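Review bot: The host check on the new line `if ($parsed_url['host'])` reads an index that `parse_url()` only sets when a host is present, so every legitimate relative path (`/app/…`) trips an undefined-index notice, and a badly malformed value makes `parse_url()` return `false`, which the expression silently treats as "no host". The check is also narrower than the threat it names: a value with a scheme but no host (`scheme:…`) or a path beginning with `/\` passes it, and browsers normalise the latter to a protocol-relative URL, so the open-redirect fix is incomplete. Tightening it to "must be a same-origin absolute path" covers all three cases, e.g. `if ($parsed_url === false || isset($parsed_url['scheme']) || isset($parsed_url['host']) || !preg_match('#^/(?![/\\\\])#', $redirect_path)) {`. On the failure branch, falling through to the default dashboard destination (with a log line) would be a more useful outcome for a logged-in user than `die("Was someone trying to hack you?")`, which also leaks nothing useful to an operator. The `if`/`elseif` chain continues past the end of this hunk.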

@@ -254,6 +254,10 @@
$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/dashboard/";
}
if (strlen($_REQUEST['path']) > 0) {
$_SESSION['redirect_path'] = $_REQUEST['path'];
}
//add the header
$document['title'] = $text['title-login'];
include "resources/header.php";
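Review bot: `strlen($_REQUEST['path'])` on the new line assumes the parameter is present and is a string: when it is absent this raises an undefined-index notice (and passing `null` to `strlen()` is deprecated in PHP 8.1), and when a client sends `path[]=…` it arrives as an array and `strlen()` throws a `TypeError` on PHP 8. A guard such as `if (is_string($_REQUEST['path'] ?? null) && $_REQUEST['path'] !== '') {` keeps the same intent without those failure modes. Since the value is read back as a redirect target on the other side of this change, it is also worth reading it from `$_GET`/`$_POST` rather than `$_REQUEST`, which can include cookie values depending on `request_order`, and applying the same same-origin path validation here at the input boundary rather than only at the point of use.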