Commit f5000726 authored by Yadd's avatar Yadd

Keep urldc after logout (#595)

parent 5a45bcf7
......@@ -59,7 +59,7 @@ sub controlUrl {
# REJECT NON BASE64 URL
if ( $req->urlNotBase64 ) {
$req->datas->{urldc} = $url;
$req->{urldc} = $url;
}
else {
if ( $url =~ m#[^A-Za-z0-9\+/=]# ) {
......@@ -68,26 +68,26 @@ sub controlUrl {
"warn" );
return PE_BADURL;
}
$req->datas->{urldc} = decode_base64($url);
$req->datas->{urldc} =~ s/[\r\n]//sg;
$req->{urldc} = decode_base64($url);
$req->{urldc} =~ s/[\r\n]//sg;
}
# For logout request, test if Referer comes from an authorizated site
my $tmp = (
$req->param('logout')
? $ENV{HTTP_REFERER}
: $req->datas->{urldc}
: $req->{urldc}
);
# XSS attack
if (
$self->checkXSSAttack(
$req->param('logout') ? 'HTTP Referer' : 'urldc',
$req->datas->{urldc}
$req->{urldc}
)
)
{
delete $req->datas->{urldc};
delete $req->{urldc};
return PE_BADURL;
}
......@@ -99,7 +99,7 @@ sub controlUrl {
. " | value: $tmp)",
"warn"
);
delete $req->datas->{urldc};
delete $req->{urldc};
return PE_BADURL;
}
......@@ -266,7 +266,7 @@ sub setSessionInfo {
}
# Store URL origin in session
$req->{sessionInfo}->{_url} = $req->datas->{urldc};
$req->{sessionInfo}->{_url} = $req->{urldc};
# Share sessionInfo with underlying handler (needed for safe jail)
HANDLER->datas( $req->{sessionInfo} );
......
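Review bot: On a logout request the trusted-URL test in controlUrl is applied to `$tmp`, which is `$ENV{HTTP_REFERER}` rather than `$req->{urldc}`, so now that urldc is kept after logout it appears to reach the 302 `Location` in autoRedirect without being checked against the trusted sites. The test itself lies between the second and third hunks and is not visible here, so this is inferred from the `$tmp` assignment and the `value: $tmp` log line. When `logout` is set and urldc is non-empty, the same test should also be run on `$req->{urldc}`, ending in `delete $req->{urldc}; return PE_BADURL;` on failure as the existing branches do. Separately, the `checkXSSAttack` call labels its argument `'HTTP Referer'` on logout but still passes `$req->{urldc}`, so either the label or the value is wrong for that case.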
......@@ -136,7 +136,7 @@ sub do {
}
}
else {
if ($err) {
if ( $err and $err != PE_LOGOUT_OK ) {
my ( $tpl, $prms ) = $self->display($req);
return $self->sendHtml( $req, $tpl, params => $prms );
}
......@@ -178,12 +178,12 @@ sub autoRedirect {
my ( $self, $req ) = @_;
# Set redirection URL if needed
$req->datas->{urldc} ||= $self->conf->{portal} if ( $req->mustRedirect );
$req->{urldc} ||= $self->conf->{portal} if ( $req->mustRedirect );
# Redirection should be made if urldc defined
if ( $req->datas->{urldc} ) {
if ( $req->{urldc} ) {
return [
302, [ Location => $req->datas->{urldc}, @{ $req->respHeaders } ],
302, [ Location => $req->{urldc}, @{ $req->respHeaders } ],
[]
];
}
......
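Review bot: autoRedirect copies `$req->{urldc}` into the `Location` header unchanged, yet only the base64 branch of controlUrl strips CR/LF; when `$req->urlNotBase64` is true the raw `$url` is stored as received. Unless the checks outside these hunks or the server layer already reject line breaks, stripping them at the point of use would protect the header whichever branch set the value, e.g. `( my $location = $req->{urldc} ) =~ s/[\r\n]//sg;` before building the response. The new `$err and $err != PE_LOGOUT_OK` condition in `do` would also benefit from a comment such as `# PE_LOGOUT_OK is not shown as an error, so the request continues to the post-logout redirect`, if that is the intent; the code it falls through to is outside the hunk.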
......@@ -11,14 +11,14 @@ sub afterDatas {
sub changeUrldc {
my ( $self, $req ) = @_;
my $urldc = $req->datas->{urldc};
my $urldc = $req->{urldc};
if ( $req->id
and $urldc !~ m#^https?://[^/]*$self->{conf}->{domain}(:\d+)?/#oi
and $self->p->isTrustedUrl($urldc) )
{
my $ssl = $urldc =~ /^https/;
$self->lmLog( 'CDA request', 'debug' );
$req->datas->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
$req->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
. (
( $self->conf->{securedCookie} < 2 or $ssl )
? $self->conf->{cookieName} . "=" . $req->id
......