From 5a6a7f0467dfae072bb88dfa652c27edacd57e97 Mon Sep 17 00:00:00 2001
From: Martin Renvoize
Date: Wed, 9 Nov 2022 08:27:44 +0000
Subject: [PATCH] Bug 31699: (follow-up) Protect against unauthorized redirects
Signed-off-by: Tomas Cohen Arazi
(cherry picked from commit e0760fd1851abc4a94a924bcf30e775c8e97da2a)
Signed-off-by: Jacob O'Mara
---
 koha-tmpl/opac-tmpl/bootstrap/js/global.js | 2 +-
 opac/opac-user.pl | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/koha-tmpl/opac-tmpl/bootstrap/js/global.js b/koha-tmpl/opac-tmpl/bootstrap/js/global.js
index 27fe084755..ce5d4f64b6 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/js/global.js
+++ b/koha-tmpl/opac-tmpl/bootstrap/js/global.js
@@ -228,7 +228,7 @@ $(document).ready(function(){
 var button = $(this);
 var context = button.data('return');
 if ( context ) {
- $('#modalAuth').append('');
+ $('#modalAuth').append('');
 }
 $("#loginModal").modal("show");
 });
diff --git a/opac/opac-user.pl b/opac/opac-user.pl
index 1b2aa815d2..a02e7f16ac 100755
--- a/opac/opac-user.pl
+++ b/opac/opac-user.pl
@@ -428,8 +428,10 @@ if ($search_query) {
 # back to the page we triggered the login from
 my $return = $query->param('return');
 if ( $return ) {
+ my $uri = C4::Context->preference('OPACBaseURL');
+ $uri .= $return;
 print $query->redirect(
- -uri => $return,
+ -uri => $uri,
 -cookie => $cookie,
 );
 }
-- 
2.39.5
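Review bot: In the opac-user.pl hunk, `$return` is still taken straight from the request and appended with `$uri .= $return;` without checking that it is a local path. A value that does not begin with `/` is joined directly onto the host part of OPACBaseURL, so the resulting URL may resolve to a different authority than the OPAC. The guard should accept only a rooted path, for example `if ( $return && $return =~ m{\A/(?![/\\])} ) {`, and skip the redirect otherwise. If the OPACBaseURL preference can be empty (not visible here, to be confirmed), `$uri` is then just `$return` and the pre-patch behaviour returns, so that case should also skip the redirect. The code around this `if` block starts and ends outside the hunk.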