From 90cbc32c77bb213bb9064645bdbd69ce7791f6c7 Mon Sep 17 00:00:00 2001
From: Michael Gapczynski <GapczynskiM@gmail.com>
Date: Fri, 18 May 2012 16:56:15 -0400
Subject: Fix redirect after login, prevent open redirects

---
 index.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index 94b9def0b41..690fc90e752 100644
--- a/index.php
+++ b/index.php
@@ -117,6 +117,7 @@ elseif(OC_User::isLoggedIn()) {
 	if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
 		$sectoken=rand(1000000,9999999);
 		$_SESSION['sectoken']=$sectoken;
-		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => substr($_SERVER['REQUEST_URI'], 1)));
+		$redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI'];
+		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
 	}
 }
-- 
cgit v1.2.3