https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #15 from David Cook <dcook@prosentient.com.au> --- Comment on attachment 163496 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163496 Redirect to referring URL on successful OAuth2 Login Review of attachment 163496: --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=34164&attachment=163496) ----------------------------------------------------------------- ::: Koha/REST/V1/OAuth/Client.pm @@ +56,4 @@
if ( $interface eq 'opac' ) { + my $host = C4::Context->preference('OPACBaseURL'); + $redirect_url = $host . '/api/v1/public/oauth/login/'; + if ((defined $referrer_url) && ($referrer_url ne '') && ($referrer_url =~ /^$host/ )) {
Since OPACBaseURL is a user input, I think it would be good to change the regexp to /^\Q$host\E/, so that we're escaping any metacharacters that might intentionally or unintentionally come through in that system preference. -- You are receiving this mail because: You are watching all bug changes.