[Koha-bugs] [Bug 31699] Add a generic way to redirect back to the page you were on at login for modal logins
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Nov 8 23:38:42 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31699
--- Comment #19 from David Cook <dcook at prosentient.com.au> ---
(In reply to Tomás Cohen Arazi from comment #16)
> Do we need some form of validation for $return?
100%
The "return" param could either be window.location.pathname +
window.location.search so the Perl could append that to OpacBaseURL, or
"return" could be a full URL, and the Perl replaces the hostname with
OpacBaseURL.
This is the approach we use in C4::Auth_with_shibboleth, and it's something
I've used elsewhere as well.
The only downside I see is that it locks you into using the particular
OpacBaseURL you have defined for that virtual host.
Either way, we definitely need to validate/construct the URL, or else we're
creating this problem:
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list