[Koha-bugs] [Bug 15816] Timeout login redirects to home page

bugzilla-daemon at bugs.koha-community.org
Sat Apr 23 16:00:29 CEST 2016


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15816

--- Comment #4 from Ian Palko <library at stas.org> ---
I noticed today that when things time out and the login screen is presented, the
URL shown by the browser is the correct one that should have appeared if there
were no timeout.

If that is the case, it should be able to be grabbed by a js or perl script and
then passed to the login script as a string. After login, if the string exists,
the script would replace the homepage redirect with the string.

That might add an inherent security flaw as if one could inject a variable, one
could maliciously redirect, but I imagine there are ways around that.

I haven't looked at the guts of the scripts to see if this is possible without
heavy rework, but perhaps it's an idea ... or perhaps you've thought of it
already ... either way, for what it's worth ...

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
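
The redirect risk raised in the comment above is usually handled by accepting only same-site relative paths as the post-login target and falling back to the home page otherwise. This is an added example, not part of the original message and not Koha code; `safeReturnTarget`, the placeholder origin and the `/` fallback are assumptions, and the check has to run in the server-side login handler that issues the redirect.

```javascript
// Added example with hypothetical names; not Koha code.
const BASE = 'https://koha.invalid'; // placeholder origin, used only for parsing
const FALLBACK = '/';                // assumed home page path

// Return a redirect target that is guaranteed to stay on this site.
function safeReturnTarget(raw, fallback = FALLBACK) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) {
    return fallback;
  }
  // Only site-relative paths: one leading slash, never "//host" (scheme-relative).
  if (!raw.startsWith('/') || raw.startsWith('//')) return fallback;
  // Browsers treat "\" like "/" and strip tabs/newlines before parsing, so
  // "/\host" or "/<TAB>/host" would otherwise become "//host".
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, BASE);
  } catch {
    return fallback;
  }
  // Defence in depth: the parsed result must still resolve to our own origin.
  if (url.origin !== BASE) return fallback;
  // Rebuild from parsed parts so only path, query and fragment survive.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs: one legitimate target, the rest hostile or malformed.
const SAMPLES = [
  '/catalogue/detail?id=42#holdings',
  'https://evil.example/',
  '//evil.example/x',
  '/\\evil.example',
  '/\t/evil.example',
  'javascript:alert(1)',
  '',
];

// Map each sample to the target the login handler would actually use.
function demo() {
  return SAMPLES.map((s) => [s, safeReturnTarget(s)]);
}

for (const [input, target] of demo()) {
  console.log(JSON.stringify(input), '->', target);
}
```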

