
T134931-redirect.patch

Authored By
Bawolff
Jun 27 2017, 2:02 PM
Size
1 KB

T134931-redirect.patch

From 6b72467dba6f040fbf0b72dca9df765cc518d111 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Tue, 27 Jun 2017 13:52:15 +0000
Subject: [PATCH] SECURITY: Use getFullUrlForRedirect() in
Special:CentralAuthAutoLogin/setCookies
This ensures that interwiki links cannot be used as returnto values.
This is triggerable by going to
mywiki.com/wiki/Special:Userlogin?returnto=google:Foo on a wiki
with centralauth where the user is already logged in.
Bug: T134931
---
includes/specials/SpecialCentralAutoLogin.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/specials/SpecialCentralAutoLogin.php b/includes/specials/SpecialCentralAutoLogin.php
index 2566a2c..5d67723 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -533,7 +533,7 @@ class SpecialCentralAutoLogin extends UnlistedSpecialPage {
$returnToQuery = [];
}
- $redirectUrl = $returnToTitle->getFullURL( $returnToQuery );
+ $redirectUrl = $returnToTitle->getFullUrlForRedirect( $returnToQuery );
$script .= "\n" . 'location.href = ' . Xml::encodeJsVar( $redirectUrl ) . ';';
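Review bot: the fix at the `$redirectUrl` line depends entirely on getFullUrlForRedirect() never yielding an off-wiki destination for an interwiki title such as the `google:Foo` case in the commit message, yet the hunk adds no check of its own and the value still flows straight into `location.href` on the next line; please add a regression test that feeds an interwiki `returnto` through this path and asserts the emitted URL stays on the local wiki, and audit the other places in this special page that turn `returnto`/`returntoquery` into a redirect, since this hunk only covers the setCookies branch.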
--
1.9.5 (Apple Git-50.3)
