Enable URL Recovery from logout #948
Hello & Welcome! :)
Thanks for taking the time to help improve ITFlow. We're excited to review your contributions - we'll review this PR as soon as we can!
Whilst you're waiting, please feel free to check out the forum.
Just so you know, all contributions to ITFlow are licensed under the GNU GPL. By contributing you grant us a perpetual & irrevocable license to include your work in ITFlow.
Hey there, Thanks for the PR! My only issue is that if you put an external link in the URL parameter, it looks like you could potentially divert people to third party websites. This is known as an Open Redirect vulnerability and is generally used in phishing campaigns.
https://portswigger.net/kb/issues/00500100_open-redirection-reflected
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
I'm sure there's a way to mitigate but would love to hear your thoughts?
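One way to mitigate the open redirect raised in the comment above is to accept only same-site relative paths as the post-login target. This is an added example, not code from this PR or from ITFlow; the function name `safe_redirect_target`, the fallback path and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: safe_redirect_target() is a hypothetical helper,
// not taken from the ITFlow code base.

/**
 * Return $candidate only if it is a same-site relative path; otherwise $default.
 */
function safe_redirect_target(?string $candidate, string $default = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $default;
    }
    // Reject control characters (CR/LF header injection, tabs that browsers strip).
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $default;
    }
    // Browsers treat "\" like "/", so "/\host" would act as a protocol-relative URL.
    if (strpos($candidate, '\\') !== false) {
        return $default;
    }
    // Must be an absolute path on this site: one leading slash, never "//host".
    if ($candidate[0] !== '/' || strncmp($candidate, '//', 2) === 0) {
        return $default;
    }
    // Defence in depth: the parsed value must carry no scheme or host.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

// Constructed sample inputs: one legitimate saved URL, four that must fall back.
$samples = [
    '/reports/view?id=12',
    'https://third-party.example/login',
    '//third-party.example/login',
    '/\\third-party.example',
    "/reports\r\nX-Injected: 1",
];
foreach ($samples as $s) {
    printf("%-40s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        safe_redirect_target($s, '/'));
}
```

The helper would be called on the saved or submitted URL immediately before it is placed in the `Location` header, so that anything other than a local path sends the user to the default page.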
I see now the potential issue.
This looks good to me! The only thing I could think may be an issue is setting the location based off the (Nitpick: would be fab if you could add a space after the IF statement and include braces for both - it's our standard, even if there's only one line within the statement). Either way @johnnyq I'm happy to get this merged for now and fix forward.
Hello, no problem, I'll change if standard.
Quality Gate passed
Looks great to me @wrongecho and thank you for the patch @ssteeltm merging in
To accomplish what was discussed in https://forum.itflow.org/d/688-session-expire-should-back-with-current-url
When you get logged out by session expiry, it will save the last URL tried, to redirect to it when logging in again.