https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164

--- Comment #15 from David Cook <[email protected]> ---
Comment on attachment 163496
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163496
Redirect to referring URL on successful OAuth2 Login

Review of attachment 163496:
 --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=34164&attachment=163496)
-----------------------------------------------------------------

::: Koha/REST/V1/OAuth/Client.pm @@ +56,4 @@ > if ( $interface eq 'opac' ) { > + my $host = C4::Context->preference('OPACBaseURL'); > + $redirect_url = $host . '/api/v1/public/oauth/login/'; > + if ((defined $referrer_url) && ($referrer_url ne '') && > ($referrer_url =~ /^$host/ )) {

Since OPACBaseURL is a user input, I think it would be good to change the regexp to /^\Q$host\E/, so that we're escaping any metacharacters that might intentionally or unintentionally come through in that system preference.
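
Review bot: in the last line of the hunk, `$referrer_url =~ /^$host/` is only a prefix test with nothing marking the end of the host, so if OPACBaseURL is stored without a trailing slash, a referrer on a different host whose name merely begins with the same string still satisfies the condition. Alongside quoting the preference value, end the pattern at a boundary, for example `/^\Q$host\E(?:\/|$)/`, or parse both URLs and compare scheme, host and port exactly before accepting the referrer.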
