[SS-2016-001] FIX Properly check backurl on CMSSecurity@success
dhensby committed Apr 20, 2016
1 parent 1f820b0 commit 1ccd392
Showing 1 changed file with 10 additions and 3 deletions.
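--- a/security/CMSSecurity.php
+++ b/security/CMSSecurity.php
@@ -186,9 +186,16 @@ public function success() {
 
 // Get redirect url
 $controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success'));
-$backURL = $this->request->requestVar('BackURL')
-?: Session::get('BackURL')
-?: Director::absoluteURL(AdminRootController::config()->url_base, true);
+$backURLs = array(
+$this->getRequest()->requestVar('BackURL'),
+Session::get('BackURL'),
+Director::absoluteURL(AdminRootController::config()->url_base, true),
+);
+foreach ($backURLs as $backURL) {
+if ($backURL && Director::is_site_url($backURL)) {
+break;
+}
+}
 
 // Show login
 $controller = $controller->customise(array(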
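Review bot: The fallback in the `foreach` over `$backURLs` is implicit: when neither the request value nor the session value passes `Director::is_site_url()`, `$backURL` simply keeps whatever the last array element was, so the redirect target is safe only because the config-derived admin URL happens to be listed last. A later edit that appends or reorders candidates would let an unvalidated value reach the redirect without any visible change to the check. Setting the trusted default first and assigning `$backURL` only after a successful check makes that invariant explicit. `success()` starts before and continues after this hunk, so how `$backURL` is consumed afterwards is not visible here.

```php
// Trusted, config-derived default; used unless an untrusted candidate validates
$backURL = Director::absoluteURL(AdminRootController::config()->url_base, true);
$candidates = array(
	$this->getRequest()->requestVar('BackURL'),
	Session::get('BackURL'),
);
foreach ($candidates as $candidate) {
	// Only same-site URLs may override the default
	if ($candidate && Director::is_site_url($candidate)) {
		$backURL = $candidate;
		break;
	}
}
```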
