https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31699
--- Comment #33 from David Cook <[email protected]> --- With my upcoming patch, Without OPACBaseURL, no redirection happens for the following: http://localhost:8080/cgi-bin/koha/opac-user.pl?return=http://koha-community.org/test?test=test With OPACBaseURL, the return URL is rewritten to use the scheme and authority of OPACBaseURL, so that the following: http://localhost:8080/cgi-bin/koha/opac-user.pl?return=http://koha-community.org/test?test=test#test Redirects to: http://localhost:8080/test?test=test#test -- So it shouldn't be possible to send a user anywhere other than http://localhost:8080. (An alternative would be to set the page visited in the user's database session and then juggle that around and try to return to that, but that would be a more difficult code change than Martin's patches here.) -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
