https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31699 --- Comment #28 from David Cook <dcook@prosentient.com.au> --- Comment on attachment 143469 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=143469 Bug 31699: (follow-up) Protect against unauthorized redirects Review of attachment 143469: --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=31699&attachment=143469) ----------------------------------------------------------------- ::: opac/opac-user.pl @@ +428,5 @@
# back to the page we triggered the login from my $return = $query->param('return'); if ( $return ) { + my $uri = C4::Context->preference('OPACBaseURL'); + $uri .= $return;
If OPACBaseURL isn't set, which happens more often than I'd like, this would still be vulnerable to open redirects. I was thinking that we'd re-write the URL using the URI module. Today, I thought we could potentially get away with nuking the "scheme" and "authority", but then I figured out a URL trick to get it to redirect to a malicious URL. So I think we need to do a bit more validation. I'll write up a quick patch. -- You are receiving this mail because: You are watching all bug changes.