ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent open redirects upon agent login

Browse Source
This commit is contained in:
wrongecho
2025-10-06 16:32:42 +01:00
parent 01f6615ca0
commit d8803aaac2
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
login.php
View File

@@ -215,8 +215,13 @@ if (isset($_POST['login'])) {
//} //}
} }
if (isset($_GET['last_visited'])) {
// Redirect to last visited or config home
if (isset($_GET['last_visited']) && (str_starts_with(base64_decode($_GET['last_visited']), '/agent') || str_starts_with(base64_decode($_GET['last_visited']), '/admin'))) {
redirect($_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited']) ); redirect($_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited']) );
} else { } else {
redirect("agent/$config_start_page"); redirect("agent/$config_start_page");
} }