Skip to content

Commit

Permalink
updated
Browse files Browse the repository at this point in the history 
fixed domain url from config to prevent open redirect issue and encoded uri
  • Loading branch information
@ssteeltm
ssteeltm committed May 3, 2024
1 parent b8c529c commit bab66bf
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 4 deletions.
3 changes: 1 addition & 2 deletions check_login.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
if($_SERVER["REQUEST_URI"] == "/")
header("Location: login.php");
else
header("Location: login.php?url=".urlencode($_SERVER["REQUEST_SCHEME"] . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) );
header("Location: login.php?last_visited=" . base64_encode($_SERVER["REQUEST_URI"]) );
exit;
}

Expand Down Expand Up @@ -87,4 +87,3 @@
//if ($session_user_config_force_mfa == 1 && $session_token == NULL) {
// header("Location: force_mfa.php");
//}

4 changes: 2 additions & 2 deletions login.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,8 +218,8 @@
//}

}
if($_GET['url'])
header("Location: ".$_GET['url']);
if($_GET['last_visited'])
header("Location: ".$_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited']) );
else
header("Location: $config_start_page");

Expand Down

0 comments on commit bab66bf

Please sign in to comment.