[Koha-bugs] [Bug 31699] Add a generic way to redirect back to the page you were on at login for modal logins

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Nov 10 00:22:18 CET 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31699

--- Comment #28 from David Cook <dcook at prosentient.com.au> ---
Comment on attachment 143469
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=143469
Bug 31699: (follow-up) Protect against unauthorized redirects

Review of attachment 143469:
 --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=31699&attachment=143469)
-----------------------------------------------------------------

::: opac/opac-user.pl
@@ +428,5 @@
>  # back to the page we triggered the login from
>  my $return = $query->param('return');
>  if ( $return ) {
> +    my $uri = C4::Context->preference('OPACBaseURL');
> +    $uri .= $return;
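Review bot: the two added lines only prefix `$return`; they never validate it. With `my $uri = C4::Context->preference('OPACBaseURL'); $uri .= $return;` an empty OPACBaseURL preference leaves `$uri` equal to whatever the caller supplied, so the redirect stays open, and even with the preference set, string prefixing does not confine the result to that origin. Suggest validating `$return` before it is used at all: require a rooted local path (a single leading `/`, and neither a scheme nor an authority once parsed with the URI module) and skip the redirect when the value does not meet that shape, rather than assembling a URL from untrusted text.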

If OPACBaseURL isn't set, which happens more often than I'd like, this would
still be vulnerable to open redirects.

I was thinking that we'd re-write the URL using the URI module.

Today, I thought we could potentially get away with nuking the "scheme" and
"authority", but then I figured out a URL trick to get it to redirect to a
malicious URL.

So I think we need to do a bit more validation. I'll write up a quick patch.

-- 
You are receiving this mail because:
You are watching all bug changes.
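The kind of validation the comment above calls for, written out as an added Perl example. This is not Koha's code and not the patch under review; the function names `safe_return_path` and `redirect_target` and the sample inputs are constructed for illustration, and the only assumption is the CPAN URI module. The point it demonstrates is that a `return` value which passes as a rooted local path is safe to redirect to even when the base URL preference is empty, so the open redirect does not depend on OPACBaseURL being configured.

```perl
use strict;
use warnings;
use URI;

# Hypothetical helper (not Koha's own code): accept only a rooted local
# path such as "/cgi-bin/koha/opac-detail.pl?biblionumber=1" and return
# it in canonical form, or undef for anything that could leave the site.
sub safe_return_path {
    my ($return) = @_;
    return undef unless defined $return && length $return;

    # Raw-string checks first: CR/LF/NUL would allow header injection, and
    # a leading "//" or "/\" is read as protocol-relative by browsers.
    return undef if $return =~ /[\r\n\0]/;
    return undef unless $return =~ m{\A/(?![/\\])};
    return undef if $return =~ /\\/;

    # Parse and insist there is neither a scheme nor an authority, so
    # absolute URLs and host-bearing forms are refused even if the raw
    # checks above were somehow bypassed.
    my $uri = URI->new($return);
    return undef if defined $uri->scheme;
    return undef if $uri->can('authority') && defined $uri->authority;

    # Hand back path plus query only; no fragment is needed for a redirect.
    return $uri->path_query;
}

# Build the final redirect target. If the base URL is empty the rooted path
# is still safe to send on its own, which is exactly the case that plain
# string concatenation with the preference value does not handle.
sub redirect_target {
    my ($return, $base) = @_;
    my $path = safe_return_path($return);
    return undef unless defined $path;
    return $path unless defined $base && length $base;
    return URI->new_abs($path, $base)->as_string;
}

# Constructed sample inputs, exercised when the file is run directly.
if (!caller) {
    for my $candidate (
        '/cgi-bin/koha/opac-detail.pl?biblionumber=1',
        'https://attacker.example/',
        '//attacker.example/',
        '/\\attacker.example/',
        "/cgi-bin/koha/opac-user.pl\r\nSet-Cookie: x=y",
    ) {
        (my $shown = $candidate) =~ s/\r\n/\\r\\n/g;
        for my $base ('', 'https://opac.example.org') {
            my $t = redirect_target($candidate, $base);
            printf "%-50s base=%-25s => %s\n",
                $shown, "'$base'", defined $t ? $t : 'REJECTED';
        }
    }
}
```

Only the first candidate survives; with an empty base it is returned as the bare rooted path, and with a base set it is resolved against that base with `URI->new_abs`, so the authority always comes from the configuration and never from the request.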


More information about the Koha-bugs mailing list