Keep urldc after logout (#595)
parent
5a45bcf719
commit
f5000726d5
|
@ -59,7 +59,7 @@ sub controlUrl {
|
|||
|
||||
# REJECT NON BASE64 URL
|
||||
if ( $req->urlNotBase64 ) {
|
||||
$req->datas->{urldc} = $url;
|
||||
$req->{urldc} = $url;
|
||||
}
|
||||
else {
|
||||
if ( $url =~ m#[^A-Za-z0-9\+/=]# ) {
|
||||
|
@ -68,26 +68,26 @@ sub controlUrl {
|
|||
"warn" );
|
||||
return PE_BADURL;
|
||||
}
|
||||
$req->datas->{urldc} = decode_base64($url);
|
||||
$req->datas->{urldc} =~ s/[\r\n]//sg;
|
||||
$req->{urldc} = decode_base64($url);
|
||||
$req->{urldc} =~ s/[\r\n]//sg;
|
||||
}
|
||||
|
||||
# For logout request, test if Referer comes from an authorizated site
|
||||
my $tmp = (
|
||||
$req->param('logout')
|
||||
? $ENV{HTTP_REFERER}
|
||||
: $req->datas->{urldc}
|
||||
: $req->{urldc}
|
||||
);
|
||||
|
||||
# XSS attack
|
||||
if (
|
||||
$self->checkXSSAttack(
|
||||
$req->param('logout') ? 'HTTP Referer' : 'urldc',
|
||||
$req->datas->{urldc}
|
||||
$req->{urldc}
|
||||
)
|
||||
)
|
||||
{
|
||||
delete $req->datas->{urldc};
|
||||
delete $req->{urldc};
|
||||
return PE_BADURL;
|
||||
}
|
||||
|
||||
|
@ -99,7 +99,7 @@ sub controlUrl {
|
|||
. " | value: $tmp)",
|
||||
"warn"
|
||||
);
|
||||
delete $req->datas->{urldc};
|
||||
delete $req->{urldc};
|
||||
return PE_BADURL;
|
||||
}
|
||||
|
||||
|
@ -266,7 +266,7 @@ sub setSessionInfo {
|
|||
}
|
||||
|
||||
# Store URL origin in session
|
||||
$req->{sessionInfo}->{_url} = $req->datas->{urldc};
|
||||
$req->{sessionInfo}->{_url} = $req->{urldc};
|
||||
|
||||
# Share sessionInfo with underlying handler (needed for safe jail)
|
||||
HANDLER->datas( $req->{sessionInfo} );
|
||||
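Review bot: On a logout request the value that is validated and the value that is later used are not the same one. In `controlUrl`, `$tmp` becomes `$ENV{HTTP_REFERER}` and the label given to `checkXSSAttack` becomes 'HTTP Referer', but the value passed is still `$req->{urldc}`; the rejection in the `@ -99` hunk (its condition is outside the hunk) reports and presumably tests `$tmp`. As far as these lines show, the Referer never goes through `checkXSSAttack`, and `urldc` is not compared with the trusted sites when `logout` is set. This commit keeps `urldc` after logout, and the `do` and `autoRedirect` hunks appear to let it reach the `Location` header, so the logout path should also apply the trusted-URL test to `urldc`. The XSS check should be called once per value, `$self->checkXSSAttack( 'urldc', $req->{urldc} )` and, on logout, `$self->checkXSSAttack( 'HTTP Referer', $tmp )`.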
|
|
|
@ -136,7 +136,7 @@ sub do {
|
|||
}
|
||||
}
|
||||
else {
|
||||
if ($err) {
|
||||
if ( $err and $err != PE_LOGOUT_OK ) {
|
||||
my ( $tpl, $prms ) = $self->display($req);
|
||||
return $self->sendHtml( $req, $tpl, params => $prms );
|
||||
}
|
||||
|
@ -178,12 +178,12 @@ sub autoRedirect {
|
|||
my ( $self, $req ) = @_;
|
||||
|
||||
# Set redirection URL if needed
|
||||
$req->datas->{urldc} ||= $self->conf->{portal} if ( $req->mustRedirect );
|
||||
$req->{urldc} ||= $self->conf->{portal} if ( $req->mustRedirect );
|
||||
|
||||
# Redirection should be made if urldc defined
|
||||
if ( $req->datas->{urldc} ) {
|
||||
if ( $req->{urldc} ) {
|
||||
return [
|
||||
302, [ Location => $req->datas->{urldc}, @{ $req->respHeaders } ],
|
||||
302, [ Location => $req->{urldc}, @{ $req->respHeaders } ],
|
||||
[]
|
||||
];
|
||||
}
|
||||
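Review bot: `autoRedirect` copies `$req->{urldc}` into the `Location` header unchanged, and with the new `$err != PE_LOGOUT_OK` test in `do` a successful logout no longer ends in the `display`/`sendHtml` branch (what runs next is outside the hunk, presumably this redirect). Among the assignments visible in this commit only the base64 branch of `controlUrl` strips `[\r\n]`; the `urlNotBase64` branch stores `$url` as received. Unless `checkXSSAttack` already rejects line breaks, which cannot be seen here, strip them at the point of use, e.g. `( my $location = $req->{urldc} ) =~ s/[\r\n]//g;` and emit `$location`. If falling through to the redirect is the intent, a comment on the condition such as `# PE_LOGOUT_OK is not an error: skip the error page and continue to the urldc redirect` would record why this one code is exempt.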
|
|
|
@ -11,14 +11,14 @@ sub afterDatas {
|
|||
|
||||
sub changeUrldc {
|
||||
my ( $self, $req ) = @_;
|
||||
my $urldc = $req->datas->{urldc};
|
||||
my $urldc = $req->{urldc};
|
||||
if ( $req->id
|
||||
and $urldc !~ m#^https?://[^/]*$self->{conf}->{domain}(:\d+)?/#oi
|
||||
and $self->p->isTrustedUrl($urldc) )
|
||||
{
|
||||
my $ssl = $urldc =~ /^https/;
|
||||
$self->lmLog( 'CDA request', 'debug' );
|
||||
$req->datas->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
|
||||
$req->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
|
||||
. (
|
||||
( $self->conf->{securedCookie} < 2 or $ssl )
|
||||
? $self->conf->{cookieName} . "=" . $req->id
|
||||
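Review bot: The same-domain test in `changeUrldc` interpolates `$self->{conf}->{domain}` into the pattern unescaped and with the `o` flag, so every `.` in the configured domain matches any character and the pattern is compiled only once per process, ignoring a later configuration reload. The branch decides whether the session id (`$req->id`) is appended to the redirect URL, so the match should be exact: `and $urldc !~ m#^https?://[^/]*\Q$self->{conf}->{domain}\E(:\d+)?/#i`. The `$ssl` test `/^https/` is also case-sensitive while the domain test uses `/i`; `m#^https://#i` would keep the two consistent. The concatenated expression continues past the end of the hunk, so the non-SSL alternative is not visible here.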
|
|