Being unsatisfied by the redirection mechanism in GLPI 0.84, I decided to check if it had changed in a more recent version. The answer was yes, and although I like the fact that having to authenticate does not lose track of which link you used, I could not help noticing that it allows redirection without checking anything.
I'm pretty sure it has to be considered a security breach. Not a major one, but still. Right now, if you use a link like this one: http://glpi.localhost/index.php?redirect=https%3A%2F%2Fwww.owasp.org%2Findex.php%2FOpen_redirect, you can redirect anyone to any page.
I'm pretty new to git usage and GitHub, but I'll try to make a pull request with a very minor fix against that. Basically, my proposition is to allow redirection only if it redirects toward this entity of GLPI (as I don't see any situation where it would be justified to use GLPI to redirect somewhere else).
It is only a proposition, of course, as I'm not entirely sure it won't have any side effects, and not a complete one either, as I add a message and did not take translation into account when doing so.
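The check the post proposes (follow `?redirect=` only when it stays on this GLPI instance) written out as an added example; this is not GLPI's code or the reporter's patch. `resolveRedirect`, `$glpiRoot` and the fallback page are assumptions, and the sample values are constructed.

```php
<?php
// Added example (not GLPI's own code): decide whether a ?redirect= value may be
// followed. Only targets on this GLPI instance are accepted; everything else
// falls back to a fixed local page. $glpiRoot is an assumed base URL.

function resolveRedirect(string $redirect, string $glpiRoot, string $fallback = 'front/central.php'): string
{
    $base = parse_url($glpiRoot);
    if ($base === false || empty($base['scheme']) || empty($base['host'])) {
        return $fallback;   // base URL misconfigured: never trust user input
    }

    // Anything that starts with two slash-like characters ("//", "/\", "\\")
    // is scheme-relative for browsers and would leave this host: reject it.
    if (preg_match('#^[\\\\/]{2}#', $redirect)) {
        return $fallback;
    }

    $target = parse_url($redirect);
    if ($target === false) {
        return $fallback;
    }

    if (isset($target['scheme']) || isset($target['host'])) {
        // Absolute URL: scheme, host and port must all match this instance.
        $sameScheme = isset($target['scheme']) && strcasecmp($target['scheme'], $base['scheme']) === 0;
        $sameHost   = isset($target['host'])   && strcasecmp($target['host'],   $base['host'])   === 0;
        $samePort   = ($target['port'] ?? null) === ($base['port'] ?? null);
        if (!($sameScheme && $sameHost && $samePort)) {
            return $fallback;
        }
    } elseif (strpos($redirect, ':') !== false) {
        // Colon in a host-less value ("evil.example:80/x"): ambiguous, reject.
        return $fallback;
    }

    // Keep path and query only; fragments never reach the server anyway.
    $path  = $target['path'] ?? '';
    $query = isset($target['query']) ? '?' . $target['query'] : '';
    return ($path === '' ? $fallback : $path . $query);
}

// Constructed demonstration values: the first three stay on the instance,
// the last three would leave it and are replaced by the fallback page.
$root = 'http://glpi.localhost';
foreach (['front/ticket.form.php?id=42', '/front/central.php', 'http://glpi.localhost/front/user.php',
          'https://www.owasp.org/index.php/Open_redirect', '//www.owasp.org/', '/\\www.owasp.org/'] as $value) {
    printf("%-48s -> %s\n", $value, resolveRedirect($value, $root));
}
```

A base URL that names its port explicitly (`http://glpi.localhost:80`) will not match a target that omits it; that is a deliberately conservative comparison, not a bug to relax.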