https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31699
--- Comment #28 from David Cook <[email protected]> ---
Comment on attachment 143469
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=143469
Bug 31699: (follow-up) Protect against unauthorized redirects

Review of attachment 143469:
 --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=31699&attachment=143469)
-----------------------------------------------------------------

::: opac/opac-user.pl
@@ +428,5 @@
> # back to the page we triggered the login from
> my $return = $query->param('return');
> if ( $return ) {
> + my $uri = C4::Context->preference('OPACBaseURL');
> + $uri .= $return;

If OPACBaseURL isn't set, which happens more often than I'd like, this would still be vulnerable to open redirects.

I was thinking that we'd re-write the URL using the URI module. Today, I thought we could potentially get away with nuking the "scheme" and "authority", but then I figured out a URL trick to get it to redirect to a malicious URL.

So I think we need to do a bit more validation. I'll write up a quick patch.

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
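Review bot: the `+ $uri .= $return;` line in the opac/opac-user.pl hunk appends the user-controlled `return` parameter to `OPACBaseURL` by plain string concatenation, with no check on what `$return` contains; when the preference is empty (the case the comment above raises) the redirect target is entirely caller-chosen, and even when it is set the safety of the result depends wholly on the shape of `$return`. Suggest guarding the empty-preference case explicitly (skip the redirect, or fall back to a fixed OPAC landing page) and validating the value before use, for example by parsing the combined string with the `URI` module and redirecting only when its scheme and host still equal those of `OPACBaseURL`, rather than relying on concatenation alone.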
