AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated 

fixed domain url from config to prevent open redirect issue and encoded uri
This commit is contained in:
Hugo Sampaio 2024-05-03 09:34:50 -03:00
parent b8c529c2ec
commit bab66bf769
2 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
check_login.php
View File

@ -21,7 +21,7 @@ if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
if($_SERVER["REQUEST_URI"] == "/")
header("Location: login.php");
else
header("Location: login.php?url=".urlencode($_SERVER["REQUEST_SCHEME"] . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) );
header("Location: login.php?last_visited=" . base64_encode($_SERVER["REQUEST_URI"]) );
exit;
}
@ -87,4 +87,3 @@ $num_notifications = $row['num'];
//if ($session_user_config_force_mfa == 1 && $session_token == NULL) {
// header("Location: force_mfa.php");
//}

4
login.php
View File

@ -218,8 +218,8 @@ if (isset($_POST['login'])) {
//}
}
if($_GET['url'])
header("Location: ".$_GET['url']);
if($_GET['last_visited'])
header("Location: ".$_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited']) );
else
header("Location: $config_start_page");