ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated

Browse Source 
fixed domain url from config to prevent open redirect issue and encoded uri
This commit is contained in:
Hugo Sampaio
2024-05-03 09:34:50 -03:00
parent b8c529c2ec
commit bab66bf769
2 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
check_login.php
View File

@@ -21,7 +21,7 @@ if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
if($_SERVER["REQUEST_URI"] == "/")
header("Location: login.php");
else
header("Location: login.php?url=".urlencode($_SERVER["REQUEST_SCHEME"] . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) );
header("Location: login.php?last_visited=" . base64_encode($_SERVER["REQUEST_URI"]) );
exit;
}
@@ -87,4 +87,3 @@ $num_notifications = $row['num'];
//if ($session_user_config_force_mfa == 1 && $session_token == NULL) {
// header("Location: force_mfa.php");
//}

4
login.php
View File

@@ -218,8 +218,8 @@ if (isset($_POST['login'])) {
//}
}
if($_GET['url'])
header("Location: ".$_GET['url']);
if($_GET['last_visited'])
header("Location: ".$_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited']) );
else
header("Location: $config_start_page");