Brian Wolff has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/366191 )
Change subject: SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies
......................................................................
SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies
This ensures that interwiki links cannot be used as returnto values.
This is triggerable by going to
mywiki.com/wiki/Special:Userlogin?returnto=google:Foo on a wiki
with centralauth where the user is already logged in.
Note, this change requires at least MediaWiki 1.27.2. This fix
makes this extension incompatible with MediaWiki 1.27.1 and
MediaWiki 1.27.0.
Bug: T134931
Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
---
M includes/specials/SpecialCentralAutoLogin.php
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth
refs/changes/91/366191/1
diff --git a/includes/specials/SpecialCentralAutoLogin.php
b/includes/specials/SpecialCentralAutoLogin.php
index 56b2dc3..6608ea8 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -526,7 +526,7 @@
$returnToQuery = array();
}
- $redirectUrl = $returnToTitle->getFullURL(
$returnToQuery );
+ $redirectUrl =
$returnToTitle->getFullUrlForRedirect( $returnToQuery );
$script .= "\n" . 'location.href = ' .
Xml::encodeJsVar( $redirectUrl ) . ';';
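Review bot: the commit message says this requires MediaWiki 1.27.2, but the diffstat shows only SpecialCentralAutoLogin.php touched, so nothing in the patch declares or checks that minimum; on 1.27.0/1.27.1 the `+` line calls a Title method that does not exist and the setCookies flow dies with an undefined-method fatal rather than a clear error. Bump the extension's declared MediaWiki version requirement in the same change, or guard the call (for example `method_exists( $returnToTitle, 'getFullUrlForRedirect' )` with a local-only fallback) so that unsupported cores fail closed instead of crashing. A one-line comment on the `+` line saying why `getFullUrlForRedirect` is required instead of `getFullURL` (interwiki prefixes in an untrusted returnto must not become an off-site location) would also help, since the two names differ only subtly and a later cleanup could revert this.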
--
To view, visit https://gerrit.wikimedia.org/r/366191
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_27
Gerrit-Owner: Brian Wolff <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
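The open redirect the commit message describes, as an added standalone example that is not CentralAuth's or MediaWiki core's code: a toy model of the returnto path with a vulnerable getFullURL()-style helper beside a hardened getFullUrlForRedirect()-style one. The interwiki map, the server name, the Special:GoToInterwiki-style interstitial used for interwiki targets, and all function names are assumptions for illustration; consult core's Title::getFullUrlForRedirect for the real behaviour.

```php
<?php
// Added example, not CentralAuth or MediaWiki code: a toy model of the
// returnto handling described in the commit message. INTERWIKI_MAP,
// LOCAL_SERVER and every function name here are assumptions.

// Constructed interwiki map: prefix => URL template, $1 = remote title.
const INTERWIKI_MAP = [
    'google' => 'https://www.google.com/search?q=$1',
    'wikt'   => 'https://en.wiktionary.org/wiki/$1',
];
const LOCAL_SERVER = 'https://mywiki.com';

// Encode a title for a URL path, keeping ':' and '/' readable.
function encodeTitle( string $title ): string {
    $enc = rawurlencode( str_replace( ' ', '_', $title ) );
    return str_replace( [ '%3A', '%2F' ], [ ':', '/' ], $enc );
}

// Split "prefix:Rest" into [prefix, rest] when prefix is a known interwiki,
// otherwise ['', whole title]. This is the decision the URL builders act on.
function splitInterwiki( string $title ): array {
    $parts = explode( ':', $title, 2 );
    if ( count( $parts ) === 2 ) {
        $prefix = strtolower( trim( $parts[0] ) );
        if ( array_key_exists( $prefix, INTERWIKI_MAP ) ) {
            return [ $prefix, trim( $parts[1] ) ];
        }
    }
    return [ '', $title ];
}

function localUrl( string $title, array $query = [] ): string {
    $url = LOCAL_SERVER . '/wiki/' . encodeTitle( $title );
    return $query ? $url . '?' . http_build_query( $query ) : $url;
}

// Before the fix: an untrusted returnto carrying an interwiki prefix becomes
// an off-site URL, so the client-side location.href assignment leaves the wiki.
function fullUrl( string $returnto, array $query = [] ): string {
    list( $prefix, $rest ) = splitInterwiki( $returnto );
    if ( $prefix !== '' ) {
        $url = str_replace( '$1', rawurlencode( $rest ), INTERWIKI_MAP[$prefix] );
        if ( $query ) {
            $url .= ( strpos( $url, '?' ) === false ? '?' : '&' ) . http_build_query( $query );
        }
        return $url;
    }
    return localUrl( $rest, $query );
}

// After the fix: an interwiki target is never handed back as the redirect
// destination; the browser goes to a local interstitial that names it instead.
function fullUrlForRedirect( string $returnto, array $query = [] ): string {
    list( $prefix, $rest ) = splitInterwiki( $returnto );
    if ( $prefix !== '' ) {
        return localUrl( 'Special:GoToInterwiki/' . $prefix . ':' . $rest, $query );
    }
    return localUrl( $rest, $query );
}

// True only when the redirect stays on this wiki's origin.
function isLocalRedirect( string $url ): bool {
    return strpos( $url, LOCAL_SERVER . '/' ) === 0;
}

// The attack input from the commit message, plus an ordinary local page.
foreach ( [ 'google:Foo', 'Main Page' ] as $returnto ) {
    $query  = [ 'action' => 'view' ];
    $before = fullUrl( $returnto, $query );
    $after  = fullUrlForRedirect( $returnto, $query );
    printf( "%-11s getFullURL            -> %s [%s]\n", $returnto, $before,
        isLocalRedirect( $before ) ? 'local' : 'OFF-SITE' );
    printf( "%-11s getFullUrlForRedirect -> %s [%s]\n", $returnto, $after,
        isLocalRedirect( $after ) ? 'local' : 'OFF-SITE' );
}
```

Run with `php example.php`. The point to take from it is that the interwiki check belongs in the URL builder used for redirects, not at each call site: any path that turns a user-supplied returnto into a Location header or a `location.href` assignment needs the redirect-safe builder, and an `isLocalRedirect()`-style assertion in tests is a cheap way to catch a call site that still uses the plain one.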