author | diosmosis <diosmosis@users.noreply.github.com> | 2019-02-12 02:56:31 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-12 02:56:31 +0300 |
commit | 92fa86c7b252e2469227b7d1e7f553f297c66898 (patch) | |
tree | c1111910d378847dec8f42eaf11ee40e70dc8efd /plugins/Login/Controller.php | |
parent | 8e9942ff0729bea84fe52a83db076410500bba14 (diff) |
POST to login plugin in login form (#14081)
* Instead of using referrer URL, use redirect post param so we can post to Login module.
* Use actual login plugin name.
* Remove sanitization for form_redirect POST value.
* Couple more checks for a safer redirect.
* Do not include port in host check.
* Make sure hosts are not empty for more security.
Diffstat (limited to 'plugins/Login/Controller.php')
-rw-r--r-- | plugins/Login/Controller.php | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 1f2fa7d68d..18c66c62e1 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -21,6 +21,7 @@ use Piwik\Plugins\UsersManager\Model AS UsersModel;
 use Piwik\QuickForm2;
 use Piwik\Session;
 use Piwik\Url;
+use Piwik\UrlHelper;
 use Piwik\View;
 /**
@@ -126,7 +127,6 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
 function login($messageNoAccess = null, $infoMessage = false)
 {
 $form = new FormLogin();
- $form->removeAttribute('action'); // remove action attribute, otherwise hash part will be lost
 if ($form->validate()) {
 $nonce = $form->getSubmitValue('form_nonce');
 if (Nonce::verifyNonce('Login.login', $nonce)) {
@@ -303,14 +303,19 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
 $this->passwordResetter->removePasswordResetInfo($login);
 if (empty($urlToRedirect)) {
- $referrer = Url::getReferrer();
- $module = Common::getRequestVar('module', '', 'string');
+ $redirect = Common::unsanitizeInputValue(Common::getRequestVar('form_redirect', false));
+ $redirectParams = UrlHelper::getArrayFromQueryString(UrlHelper::getQueryFromUrl($redirect));
+ $module = Common::getRequestVar('module', '', 'string', $redirectParams);
 // when module is login, we redirect to home...
- if ($module !== 'Login' && $module !== Piwik::getLoginPluginName() && $referrer) {
- $host = Url::getHostFromUrl($referrer);
+ if (!empty($module) && $module !== 'Login' && $module !== Piwik::getLoginPluginName() && $redirect) {
+ $host = Url::getHostFromUrl($redirect);
+ $currentHost = Url::getHost();
+ $currentHost = explode(':', $currentHost, 2)[0];
+
 // we only redirect to a trusted host
- if ($host && Url::isValidHost($host)) {
- $urlToRedirect = $referrer;
+ if (!empty($host) && !empty($currentHost) && $host == $currentHost && Url::isValidHost($host)
+ ) {
+ $urlToRedirect = $redirect;
 }
 }
 }
|
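Review bot: The trusted-host check in the new `if` of the third hunk compares `$host == $currentHost` loosely; both operands are strings, so strict comparison is the idiom here (loose comparison applies numeric semantics to numeric-looking strings), i.e. `$host === $currentHost`. The check also constrains only the host: neither the scheme nor the port of `$redirect` is compared against the current request, so — depending on what `Url::getHostFromUrl()` accepts, which is not visible in this hunk — a same-host redirect over a different scheme or port would pass the guard; comparing the scheme as well, or rebuilding the target from its path and query only, would close that. Stripping the port with `explode(':', $currentHost, 2)[0]` also truncates an IPv6-literal value such as `[::1]:8080` to `[`, so on such hosts the comparison always fails and the code silently falls back to the default redirect (fails closed, but worth a comment like `// port stripped by first ':' — IPv6 literals never match and fall back to home`). The enclosing method begins before this hunk.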