Brian Wolff has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/366188 )
Change subject: SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies
......................................................................
SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies
This ensures that interwiki links cannot be used as returnto values.
This is triggerable by going to
mywiki.com/wiki/Special:Userlogin?returnto=google:Foo on a wiki
with centralauth where the user is already logged in.
Bug: T134931
Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
---
M includes/specials/SpecialCentralAutoLogin.php
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/88/366188/1
diff --git a/includes/specials/SpecialCentralAutoLogin.php
b/includes/specials/SpecialCentralAutoLogin.php
index 57ff39e..71b0e7a 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -534,7 +534,7 @@
$returnToQuery = array();
}
- $redirectUrl = $returnToTitle->getFullURL(
$returnToQuery );
+ $redirectUrl =
$returnToTitle->getFullUrlForRedirect( $returnToQuery );
$script .= "\n" . 'location.href = ' .
Xml::encodeJsVar( $redirectUrl ) . ';';
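Review bot: the call site in this hunk still hands $returnToTitle straight to location.href with nothing at the call explaining why getFullURL() is unsafe here; a one-line comment referencing T134931 (interwiki returnto values such as google:Foo must not become the redirect target) would stop a later cleanup from switching the method back and reopening the redirect. A regression test that exercises setCookies with returnto=google:Foo, as described in the commit message, and asserts the emitted location.href stays on the local wiki would cover the same risk. Separately, the change touches only this one assignment; any other place in the extension that turns a returnto parameter into a full URL should be audited for the same getFullURL() pattern before this is merged to REL1_29.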
--
To view, visit https://gerrit.wikimedia.org/r/366188
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_29
Gerrit-Owner: Brian Wolff <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits