jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/366191 )

Change subject: SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies
......................................................................


SECURITY: Use getFullUrlForRedirect() in Special:CentralAuthAutoLogin/setCookies

This ensures that interwiki links cannot be used as returnto values.

This is triggerable by going to
mywiki.com/wiki/Special:Userlogin?returnto=google:Foo on a wiki
with centralauth where the user is already logged in.

Note, this change requires at least MediaWiki 1.27.2. This fix
makes this extension incompatible with MediaWiki 1.27.1 and
MediaWiki 1.27.0.

Bug: T134931
Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
---
M includes/specials/SpecialCentralAutoLogin.php
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Brian Wolff: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/specials/SpecialCentralAutoLogin.php 
b/includes/specials/SpecialCentralAutoLogin.php
index 56b2dc3..6608ea8 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -526,7 +526,7 @@
                                        $returnToQuery = array();
                                }
 
-                               $redirectUrl = $returnToTitle->getFullURL( 
$returnToQuery );
+                               $redirectUrl = 
$returnToTitle->getFullUrlForRedirect( $returnToQuery );
 
                                $script .= "\n" . 'location.href = ' . 
Xml::encodeJsVar( $redirectUrl ) . ';';
 
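Review bot: the hunk replaces getFullURL() with getFullUrlForRedirect(), but nothing in the change records the new minimum MediaWiki version the commit message names (1.27.2); on 1.27.0 and 1.27.1 the method does not exist, so the auto-login redirect path would fail with an undefined-method error for already-logged-in users instead of degrading safely. Suggest declaring the 1.27.2 requirement where the extension states its MediaWiki dependency, or guarding the call with method_exists() and a fallback that refuses interwiki titles (for example via `$returnToTitle->isExternal()`), so that older branches fail closed. The JavaScript embedding through `Xml::encodeJsVar( $redirectUrl )` is unchanged and remains correct, since the fix is about which URL is chosen, not how it is emitted. Also worth noting that the owner and the approving reviewer are the same person; a security change benefits from a second set of eyes.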
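The commit message describes the vector: a returnto value such as google:Foo parses as an interwiki title, so building the redirect with getFullURL() sends the browser off-site. The following is an added illustration written for this page, not CentralAuth or MediaWiki code, showing the kind of guard a returnto consumer needs: it refuses a value whose prefix is a known interwiki prefix, or that is already an absolute or protocol-relative URL, and only then builds a local URL. The interwiki map and the local article path are constructed for the demo; a real wiki reads the interwiki table and its own server configuration, and MediaWiki itself handles this inside getFullUrlForRedirect() as the patch relies on.

```php
<?php
// Added example, not the project's own code. Demonstrates refusing
// interwiki-prefixed and absolute returnto values before redirecting.

// Constructed interwiki table: prefix => external URL template (assumption).
const INTERWIKI_MAP = [
    'google'    => 'https://www.google.com/search?q=$1',
    'wikipedia' => 'https://en.wikipedia.org/wiki/$1',
];

// Constructed local article path (assumption).
const LOCAL_ARTICLE_PATH = 'https://mywiki.example/wiki/';

/**
 * Return a local redirect URL for a returnto value, or null when the
 * value would leave the wiki. Only the first colon-separated segment is
 * inspected, which is how a title like "google:Foo" acquires its prefix.
 */
function safeReturnToUrl( string $returnTo ): ?string {
    $returnTo = trim( $returnTo );
    if ( $returnTo === '' ) {
        return null;
    }

    // Anything that is already an absolute or protocol-relative URL is refused.
    if ( preg_match( '#^([a-z][a-z0-9+.-]*:)?//#i', $returnTo ) ) {
        return null;
    }

    // A leading segment matching an interwiki prefix means the title is external.
    $parts = explode( ':', $returnTo, 2 );
    if ( count( $parts ) === 2 ) {
        $prefix = strtolower( trim( $parts[0] ) );
        if ( isset( INTERWIKI_MAP[$prefix] ) ) {
            return null;
        }
    }

    // Local title: build the URL ourselves so the host can never vary.
    return LOCAL_ARTICLE_PATH . rawurlencode( str_replace( ' ', '_', $returnTo ) );
}

// Demo: the value from the commit message, a local page, and a bare URL.
foreach ( [ 'google:Foo', 'Main Page', '//other.example/x' ] as $value ) {
    $url = safeReturnToUrl( $value );
    echo str_pad( $value, 20 ), ' => ', $url ?? 'REFUSED', "\n";
}
```

The point of returning null rather than a "corrected" URL is that the caller then falls back to its default destination; silently rewriting an attacker-chosen value is harder to reason about than refusing it. Note that a namespace prefix such as Help:Contents is not in the interwiki map and therefore still resolves locally.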

-- 
To view, visit https://gerrit.wikimedia.org/r/366191
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ida6d1c04994295de827d6b52e43032005d49c922
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_27
Gerrit-Owner: Brian Wolff <[email protected]>
Gerrit-Reviewer: Brian Wolff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
