Bug 31699: (follow-up) Protect more against open redirects
author David Cook <dcook@prosentient.com.au>
Thu, 10 Nov 2022 00:00:37 +0000 (00:00 +0000)
committer Jacob O'Mara <jacob.omara@ptfs-europe.com>
Mon, 13 Feb 2023 09:23:12 +0000 (09:23 +0000)
commit cf694ee7e5cab31d7ef6b16d2d6b2ae13c9d932b
tree 99a6e8514156559d8c561d3539af73653857893f
parent 5a6a7f0467dfae072bb88dfa652c27edacd57e97
Bug 31699: (follow-up) Protect more against open redirects

This change checks that the OPACBaseURL exists, and uses its scheme
and authority to rewrite the URL passed through the "return"
param.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 37ced7df0531accb4f091c78258ff98946d062c9)
Signed-off-by: Jacob O'Mara <jacob.omara@ptfs-europe.com>
opac/opac-user.pl
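
The rewrite described in the commit message, sketched as an added example in Python; it is not Koha's Perl and not code from this commit. The function name `pin_return_url` and the hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def pin_return_url(return_url, opac_base_url):
    """Rebuild return_url on the scheme and authority of opac_base_url.

    Returns None when no usable base URL is configured, so the caller can
    fall back to a fixed page instead of trusting the parameter.
    """
    if not opac_base_url:
        return None
    base = urlsplit(opac_base_url)
    if base.scheme not in ("http", "https") or not base.netloc:
        return None

    target = urlsplit(return_url or "")
    # Keep only path, query and fragment from the caller-supplied value;
    # whatever scheme or host it named is discarded.
    path = target.path
    if not path.startswith("/"):
        path = "/" + path
    return urlunsplit(
        (base.scheme, base.netloc, path, target.query, target.fragment)
    )


# Constructed sample values (hostnames are placeholders).
BASE = "https://opac.example.org"
SAMPLES = [
    "/cgi-bin/koha/opac-user.pl?tab=holds#top",
    "https://evil.example/cgi-bin/koha/opac-user.pl?x=1",
    "//evil.example/login",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:60} -> {pin_return_url(value, BASE)}")
    print(pin_return_url("/cgi-bin/koha/opac-user.pl", ""))
```

Because the scheme and authority always come from the configured base URL, an absolute or scheme-relative value in the parameter can only select a path on the same site.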