Merge pull request from GHSA-jc43-qrrp-98f5
* Ignore the referer if it contains an insert tag

* Only check for insert tags

* Decode curly brackets instead of ignoring the referer
leofeyer committed Dec 17, 2019
1 parent 9cb3f27 commit 227f57f
Showing 2 changed files with 4 additions and 2 deletions.
Expand Up @@ -71,7 +71,8 @@ public function run()

if ($referer = Input::get('referer', true))
{
$queryString = '?' . base64_decode($referer);
// Decode the referer and urlencode insert tags
$queryString = '?' . str_replace(array('{', '}'), array('%7B', '%7D'), base64_decode($referer, true));
$arrParams['referer'] = $referer;
}

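Review bot: The result of `base64_decode($referer, true)` is passed straight into `str_replace()` without a `false` check, so a malformed `referer` parameter is not rejected and `$queryString` presumably ends up as a bare `?`. The same pattern is in the `$this->targetPath` assignment in ModuleLogin.php. Decoding into a variable first and only building the value when it is not `false` would make the failure path explicit, e.g. `$decoded = base64_decode($referer, true);` followed by `if ($decoded !== false) { $queryString = '?' . str_replace(array('{', '}'), array('%7B', '%7D'), $decoded); }`. Also note that `$arrParams['referer'] = $referer;` still forwards the raw encoded value, so every later consumer that decodes it has to repeat the brace encoding. The body of run() continues outside the hunk.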
3 changes: 2 additions & 1 deletion core-bundle/src/Resources/contao/modules/ModuleLogin.php
Expand Up @@ -65,7 +65,8 @@ public function generate()
}
elseif ($this->redirectBack && ($referer = Input::get('referer', true)))
{
$this->targetPath = Environment::get('base') . base64_decode($referer, true);
// Decode the referer and urlencode insert tags
$this->targetPath = Environment::get('base') . str_replace(array('{', '}'), array('%7B', '%7D'), base64_decode($referer, true));
}

return parent::generate();
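Review bot: The brace-encoding expression in the `$this->targetPath` assignment is a copy of the one in the first changed file, and the comment `// Decode the referer and urlencode insert tags` overstates what it does: only the two characters `{` and `}` are percent-encoded. This line is what keeps a request-supplied referer from carrying `{{…}}` into the redirect target, so a single shared helper would stop the two call sites drifting apart; judging by the lines shown, the other file lacked the strict `base64_decode` flag until this commit. A more precise comment would be `// Percent-encode curly brackets so the decoded referer cannot contain an insert tag`. generate() starts and ends outside the hunk.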
