Bug 31699: (follow-up) Protect against unauthorized redirects
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e0760fd185
)
Signed-off-by: Jacob O'Mara <jacob.omara@ptfs-europe.com>
parent
7a5ad16654
commit
5a6a7f0467
2 changed files with 4 additions and 2 deletions
|
@ -228,7 +228,7 @@ $(document).ready(function(){
|
|||
var button = $(this);
|
||||
var context = button.data('return');
|
||||
if ( context ) {
|
||||
$('#modalAuth').append('<input type="hidden" name="return" value="'+window.location+'" />');
|
||||
$('#modalAuth').append('<input type="hidden" name="return" value="'+window.location.pathname+window.location.search+'" />');
|
||||
}
|
||||
$("#loginModal").modal("show");
|
||||
});
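Review bot: The hidden `return` field is still built by concatenating URL components into an HTML string, so it is only safe while the browser percent-encodes any quote characters in `pathname` and `search`. Setting the value as an attribute avoids HTML parsing of the data altogether: `$('#modalAuth').append($('<input>', { type: 'hidden', name: 'return', value: window.location.pathname + window.location.search }));`. The handler also appends a new input on every click without removing an earlier one, so reopening the modal leaves duplicate `return` fields in the form. The click handler's opening line is outside this hunk.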
|
||||
|
|
|
@ -428,8 +428,10 @@ if ($search_query) {
|
|||
# back to the page we triggered the login from
|
||||
my $return = $query->param('return');
|
||||
if ( $return ) {
|
||||
my $uri = C4::Context->preference('OPACBaseURL');
|
||||
$uri .= $return;
|
||||
print $query->redirect(
|
||||
-uri => $return,
|
||||
-uri => $uri,
|
||||
-cookie => $cookie,
|
||||
);
|
||||
}
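Review bot: `$return` is appended to `OPACBaseURL` without checking that it is a local path, so the prefix only constrains the destination when the value begins with a single `/`. A value that does not start with `/` is glued directly onto the host part of the base URL and can change which host the browser resolves. If the preference is empty or unset, `$uri` is just `$return`, exactly as before the change. I would tighten the guard to `if ( $return && $return =~ m{\A/(?!/)} ) {` and skip the redirect when it fails, with a comment saying that only same-site paths are accepted. The surrounding script continues outside this hunk, so whatever happens when the redirect is skipped is not visible here.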
|
||||
|
|