Brian Wolff has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/366189 )

Change subject: SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies
......................................................................

SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies

This ensures that interwiki links cannot be used as returnto values.

This is triggerable by going to
mywiki.com/wiki/Special:Userlogin?returnto=google:Foo on a wiki
with centralauth where the user is already logged in.

Note: This requires at least 1.28.1. This patch makes this
extension incompatible with 1.28.0.

Bug: T134931
Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
---
M includes/specials/SpecialCentralAutoLogin.php
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/89/366189/1

diff --git a/includes/specials/SpecialCentralAutoLogin.php 
b/includes/specials/SpecialCentralAutoLogin.php
index 4befd4c..687a8ad 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -520,7 +520,7 @@
                                        $returnToQuery = array();
                                }
 
-                               $redirectUrl = $returnToTitle->getFullURL( 
$returnToQuery );
+                               $redirectUrl = 
$returnToTitle->getFullUrlForRedirect( $returnToQuery );
 
                                $script .= "\n" . 'location.href = ' . 
Xml::encodeJsVar( $redirectUrl ) . ';';
 
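Review bot: The replacement of `$returnToTitle->getFullURL( $returnToQuery )` with `$returnToTitle->getFullUrlForRedirect( $returnToQuery )` introduces a hard dependency on a Title method that, per the commit message, only exists from MediaWiki 1.28.1, yet this one-file change neither bumps the extension's declared MediaWiki requirement nor guards the call; on 1.28.0 the setCookies step will fatal with an undefined-method error instead of failing closed. Either raise the minimum core version in the extension's manifest in the same change so the incompatibility is enforced rather than only noted, or wrap the call in a `method_exists` check that falls back to refusing the redirect. It would also help to state in the commit message that the `returnto` value is untrusted user input at this point, since that is the reason the redirect-safe variant is needed before the URL is emitted into `location.href`.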

-- 
To view, visit https://gerrit.wikimedia.org/r/366189
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_28
Gerrit-Owner: Brian Wolff <bawolff...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
