Fix even more redirects.
There are a bunch of ways to redirect in Horde.
yunosh committed Jul 3, 2017
1 parent 1e58062 commit ea59bad
Showing 8 changed files with 24 additions and 11 deletions.
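--- a/nag/app/controllers/CompleteTask.php
+++ b/nag/app/controllers/CompleteTask.php
@@ -18,8 +18,8 @@ public function processRequest(Horde_Controller_Request $request, Horde_Controll
 $requestVars['format'] == 'json') {
 $response->setContentType('application/json');
 $response->setBody(json_encode($result));
-} elseif ($requestVars['url']) {
-$response->setRedirectUrl($requestVars['url']);
+} elseif ($url = Horde::verifySignedUrl($requestVars['url'])) {
+$response->setRedirectUrl($url);
 }
 }
 }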
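Review bot: The new `elseif` still reads `$requestVars['url']` without checking that the key exists, and when verification fails the method leaves the response with neither a body nor a redirect. The other controllers touched by this commit fall back to a default page in that case; doing the same here would avoid a blank response for an unsigned or tampered `url`, e.g. `} else { $response->setRedirectUrl((string)Horde::url('list.php', true)); }`. Whether an empty response is intended for requests without `url` cannot be told from the hunk, because processRequest begins above it. A non-empty value that fails verification is also worth logging, so that tampering attempts show up in the application log.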
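--- a/nag/app/controllers/SaveTask.php
+++ b/nag/app/controllers/SaveTask.php
@@ -110,11 +110,14 @@ public function processRequest(Horde_Controller_Request $request, Horde_Controll
 'tasklist_id' => $info['tasklist_id'],
 'parent' => $info['parent']));
 } else {
-$url = Horde_Util::getFormData('url', (string)Horde::url('list.php', true));
-$url = Horde::url($url, true);
+if ($url = Horde::verifySignedUrl(Horde_Util::getFormData('url'))) {
+$url = Horde::url($url, true);
+} else {
+$url = Horde::url('list.php', true);
+}
 }
 
-$response->setRedirectUrl($url);
+$response->setRedirectUrl((string)$url);
 }
 
 /**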
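Review bot: `Horde_Util::getFormData('url')` returns null when the parameter is absent, and that value goes straight into `Horde::verifySignedUrl()`; how the verifier handles null is not visible here, so an explicit guard is safer: `$signed = Horde_Util::getFormData('url');` followed by `if ($signed !== null && ($url = Horde::verifySignedUrl($signed))) {`. A short comment above the branch should state the contract, for example `// 'url' is only honoured when it carries a valid Horde signature; anything else redirects to list.php.` Pages that submit this form now have to sign the value they pass, and those call sites are not part of the visible diff, so unsigned callers would silently land on the task list. processRequest starts above the hunk.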
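--- a/nag/docs/CHANGES
+++ b/nag/docs/CHANGES
@@ -2,6 +2,7 @@
 v4.2.15-git
 -----------
 
+[jan] SECURITY: Fix open redirects.
 [mjr] Fix handling of delayed start dates (Bug #14634).
 
 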
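--- a/nag/package.xml
+++ b/nag/package.xml
@@ -33,6 +33,7 @@
 </stability>
 <license uri="http://www.horde.org/licenses/gpl">GPL-2.0</license>
 <notes>
+* [jan] SECURITY: Fix open redirects.
 * [mjr] Fix handling of delayed start dates (Bug #14634).
 </notes>
 <contents>
@@ -575,7 +576,7 @@
 <package>
 <name>Horde_Core</name>
 <channel>pear.horde.org</channel>
-<min>2.6.1</min>
+<min>2.30.0</min>
 <max>3.0.0alpha1</max>
 <exclude>3.0.0alpha1</exclude>
 </package>
@@ -1793,6 +1794,7 @@
 <date>2017-03-20</date>
 <license uri="http://www.horde.org/licenses/gpl">GPL-2.0</license>
 <notes>
+* [jan] SECURITY: Fix open redirects.
 * [mjr] Fix handling of delayed start dates (Bug #14634).
 </notes>
 </release>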
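--- a/trean/app/controllers/DeleteBookmark.php
+++ b/trean/app/controllers/DeleteBookmark.php
@@ -21,7 +21,10 @@ public function processRequest(Horde_Controller_Request $request, Horde_Controll
 $response->setContentType('application/json');
 $response->setBody(json_encode($result));
 } else {
-$response->setRedirectUrl(Horde_Util::getFormData('url', Horde::url('browse.php', true)));
+if (!($url = Horde::verifySignedUrl(Horde_Util::getFormData('url')))) {
+$url = Horde::url('browse.php', true);
+}
+$response->setRedirectUrl($url);
 }
 }
 }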
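Review bot: `$url` reaches `setRedirectUrl()` as a string when verification succeeds but as the object returned by `Horde::url()` on the fallback path, whereas SaveTask.php in this same commit casts with `(string)$url`; the same applies to SaveBookmark.php. Casting here as well keeps the argument type uniform: `$response->setRedirectUrl((string)$url);`. The verify-or-fallback sequence is duplicated verbatim in both trean controllers, and the assignment inside the negated condition is easy to misread. A small shared helper, with a docblock saying that only signed `url` values are honoured and everything else goes to browse.php, would remove the duplication and give one place to log rejected values.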
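--- a/trean/app/controllers/SaveBookmark.php
+++ b/trean/app/controllers/SaveBookmark.php
@@ -30,7 +30,10 @@ public function processRequest(Horde_Controller_Request $request, Horde_Controll
 $response->setContentType('application/json');
 $response->setBody(json_encode($result));
 } else {
-$response->setRedirectUrl(Horde_Util::getFormData('url', Horde::url('browse.php', true)));
+if (!($url = Horde::verifySignedUrl(Horde_Util::getFormData('url')))) {
+$url = Horde::url('browse.php', true);
+}
+$response->setRedirectUrl($url);
 }
 }
 }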
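--- a/trean/docs/CHANGES
+++ b/trean/docs/CHANGES
@@ -2,6 +2,7 @@
 v1.1.8-git
 ----------
 
+[jan] SECURITY: Fix open redirects.
 
 
 ------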
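--- a/trean/package.xml
+++ b/trean/package.xml
@@ -33,7 +33,7 @@
 </stability>
 <license uri="http://www.horde.org/licenses/bsd">BSD-2-Clause</license>
 <notes>
-*
+* [jan] SECURITY: Fix open redirects.
 </notes>
 <contents>
 <dir baseinstalldir="/" name="/">
@@ -326,7 +326,7 @@
 <package>
 <name>Horde_Core</name>
 <channel>pear.horde.org</channel>
-<min>2.0.0</min>
+<min>2.30.0</min>
 <max>3.0.0alpha1</max>
 <exclude>3.0.0alpha1</exclude>
 </package>
@@ -813,7 +813,7 @@
 <date>2016-12-16</date>
 <license uri="http://www.horde.org/licenses/bsd">BSD-2-Clause</license>
 <notes>
-*
+* [jan] SECURITY: Fix open redirects.
 </notes>
 </release>
 </changelog>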
