Brian Wolff has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/366189 )
Change subject: SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies
......................................................................

SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies

This ensures that interwiki links cannot be used as returnto values.

This is triggerable by going to mywiki.com/wiki/Special:Userlogin?returnto=google:Foo
on a wiki with centralauth where the user is already logged in.

Note: This requires at least 1.28.1. This patch makes this extension
incompatible with 1.28.0.

Bug: T134931
Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
---
M includes/specials/SpecialCentralAutoLogin.php
1 file changed, 1 insertion(+), 1 deletion(-)

  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/89/366189/1

diff --git a/includes/specials/SpecialCentralAutoLogin.php b/includes/specials/SpecialCentralAutoLogin.php
index 4befd4c..687a8ad 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -520,7 +520,7 @@
 $returnToQuery = array();
 }

-$redirectUrl = $returnToTitle->getFullURL( $returnToQuery );
+$redirectUrl = $returnToTitle->getFullUrlForRedirect( $returnToQuery );
 $script .= "\n" . 'location.href = ' . Xml::encodeJsVar( $redirectUrl ) . ';';

-- 
To view, visit https://gerrit.wikimedia.org/r/366189
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_28
Gerrit-Owner: Brian Wolff <bawolff...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
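Review bot: The hunk at @@ -520,7 +520,7 @@ swaps getFullURL() for getFullUrlForRedirect() with no guard, and the commit message itself says that method only exists from core 1.28.1, so on a 1.28.0 install this becomes a fatal call to an undefined method at the exact moment a logged-in user is being redirected. Since this is the REL1_28 branch, that pairing is realistic: either record the 1.28.1 minimum in the extension's declared core requirement and release notes so the mismatch fails at install time rather than at runtime, or, if 1.28.0 must keep working, branch on `method_exists( $returnToTitle, 'getFullUrlForRedirect' )` and fall back to an explicit local-title check before `$redirectUrl` is built. It would also help the next reader if the commit message said where `$returnToTitle` is validated, because the `Xml::encodeJsVar( $redirectUrl )` on the following line only protects the JavaScript context and does nothing about which host the redirect lands on.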
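As an added example, not part of this change and not CentralAuth or MediaWiki code, the standalone PHP below models the property the patch relies on: a returnto value whose prefix is an interwiki prefix, or which is an absolute URL, must never become the redirect target, while ordinary local titles (including namespace-prefixed ones) still resolve on the local host. The server name, article path, interwiki table, the function name safeReturnToUrl() and the sample inputs are all constructed assumptions for this illustration; MediaWiki's real Title and interwiki machinery is not used.

```php
<?php
// Added illustration for this commit, not CentralAuth or MediaWiki code.
// It models the check the patch depends on: a returnto value naming an
// interwiki prefix (or an absolute URL) must never become the redirect
// target. LOCAL_SERVER, LOCAL_ARTICLE_PATH and INTERWIKI_MAP are
// constructed assumptions, not values from any real wiki.

const LOCAL_SERVER = 'https://mywiki.example';   // assumed local wiki
const LOCAL_ARTICLE_PATH = '/wiki/';

// Constructed stand-in for the wiki's interwiki table (prefix => URL template).
const INTERWIKI_MAP = [
    'google' => 'https://www.google.com/search?q=$1',
    'mw'     => 'https://www.mediawiki.org/wiki/$1',
];

/**
 * Turn a user-supplied returnto page name into a redirect URL on the local
 * wiki, or return null when it must not be followed.
 *
 * Rejected:
 *   - absolute (scheme://) or protocol-relative (//host) values
 *   - values whose prefix (text before the first colon) is an interwiki prefix
 * Anything else is treated as a local title and always resolves to LOCAL_SERVER.
 */
function safeReturnToUrl(string $returnTo, array $query = []): ?string
{
    $returnTo = trim($returnTo);
    if ($returnTo === '') {
        return null;
    }
    if (preg_match('#^([a-z][a-z0-9+.\-]*:)?//#i', $returnTo)) {
        return null; // not a wiki title at all
    }
    $colon = strpos($returnTo, ':');
    if ($colon !== false) {
        $prefix = strtolower(trim(substr($returnTo, 0, $colon)));
        if (isset(INTERWIKI_MAP[$prefix])) {
            return null; // would send the browser off-site
        }
    }
    // Local title: encode as a path segment but keep ':' and '/' readable.
    $dbKey = str_replace(' ', '_', $returnTo);
    $encoded = strtr(rawurlencode($dbKey), ['%3A' => ':', '%2F' => '/']);
    $url = LOCAL_SERVER . LOCAL_ARTICLE_PATH . $encoded;
    if ($query !== []) {
        $url .= '?' . http_build_query($query);
    }
    return $url;
}

// Constructed inputs: the value from the commit message plus a few variants.
$cases = [
    'Main_Page',
    'Help:Contents',          // namespace prefix, not interwiki: allowed
    'google:Foo',             // the case from the commit message: rejected
    'Google: Foo',            // case/whitespace variant: still rejected
    'mw:Main_Page',
    '//evil.example/phish',
    'https://evil.example/',
];
foreach ($cases as $case) {
    $url = safeReturnToUrl($case, ['foo' => 'bar']);
    printf("%-24s => %s\n", $case, $url ?? 'REJECTED');
}
```

The point of the prefix check is that the decision is made on the parsed title, not on the string the user typed: a real implementation should consult the wiki's actual interwiki table rather than a hard-coded map, and, when a value is rejected, fall back to a fixed local page instead of echoing the user's input into location.href.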