make redirect safe by restricting it to current host
This commit is contained in:
parent
9b5e8a2c63
commit
1a874b4c56
2 changed files with 2 additions and 2 deletions
|
@ -117,6 +117,6 @@ elseif(OC_User::isLoggedIn()) {
|
|||
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
|
||||
$sectoken=rand(1000000,9999999);
|
||||
$_SESSION['sectoken']=$sectoken;
|
||||
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $_SERVER['REQUEST_URI']));
|
||||
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => substr($_SERVER['REQUEST_URI'], 1)));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -312,7 +312,7 @@ class OC_Util {
|
|||
*/
|
||||
public static function redirectToDefaultPage(){
|
||||
if(isset($_REQUEST['redirect_url'])) {
|
||||
header( 'Location: '.$_REQUEST['redirect_url']);
|
||||
header( 'Location: /'.$_REQUEST['redirect_url']);
|
||||
} else {
|
||||
header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue