/[smeserver]/rpms/e-smith-manager/sme10/e-smith-manager-2.8.0-bz10167-emptyback.patch
ViewVC logotype

Annotation of /rpms/e-smith-manager/sme10/e-smith-manager-2.8.0-bz10167-emptyback.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Mon Mar 27 22:45:57 2017 UTC (7 years, 8 months ago) by unnilennium
Branch: MAIN
CVS Tags: e-smith-manager-2_8_0-33_el7_sme, e-smith-manager-2_8_0-27_el7_sme, e-smith-manager-2_8_0-35_el7_sme, e-smith-manager-2_8_0-30_el7_sme, e-smith-manager-2_8_0-37_el7_sme, e-smith-manager-2_8_0-32_el7_sme, e-smith-manager-2_8_0-34_el7_sme, e-smith-manager-2_8_0-28_el7_sme, e-smith-manager-2_8_0-24_el7_sme, e-smith-manager-2_8_0-38_el7_sme, e-smith-manager-2_8_0-29_el7_sme, e-smith-manager-2_8_0-31_el7_sme, e-smith-manager-2_8_0-19_el7_sme, e-smith-manager-2_8_0-20_el7_sme, e-smith-manager-2_8_0-22_el7_sme, e-smith-manager-2_8_0-25_el7_sme, e-smith-manager-2_8_0-26_el7_sme, e-smith-manager-2_8_0-36_el7_sme, e-smith-manager-2_8_0-21_el7_sme, HEAD
Changes since 1.1: +1 -1 lines
* Mon Mar 27 2017 Jean-Philipe Pialasse <tests@pialasse.com> 2.8.0-19.sme
- fix typo in  e-smith-manager-2.8.0-bz10167-emptyback.patch

1 unnilennium 1.1 diff -Nur e-smith-manager-2.8.0.old/root/etc/e-smith/web/common/cgi-bin/login e-smith-manager-2.8.0/root/etc/e-smith/web/common/cgi-bin/login
2     --- e-smith-manager-2.8.0.old/root/etc/e-smith/web/common/cgi-bin/login 2017-03-25 23:40:27.418000000 -0400
3     +++ e-smith-manager-2.8.0/root/etc/e-smith/web/common/cgi-bin/login 2017-03-25 23:45:23.288000000 -0400
4     @@ -101,7 +101,7 @@
5     #warn "back from cgi param is $back\n" if $back;
6     $back ||= $ENV{HTTP_REFERER} if $ENV{HTTP_REFERER} && $BACK_REFERER;
7     $back = uri_unescape($back) if $back && $back =~ m/^https?%3A%2F%2F/i;
8     -$back =~ s/^http:/https:/ if $server_name ne 'localhost';
9 unnilennium 1.2 +$back =~ s/^http:/https:/ if $server_name ne 'localhost' && defined($back);
10 unnilennium 1.1 #warn "back is $back\n";
11     if ($back && $back =~ m!^/!) {
12     my $hostname = $server_name;
13     @@ -132,7 +132,10 @@
14     my $b = URI->new($back);
15     # If $back domain doesn't match $AUTH_DOMAIN, stop there do not give opportunity to log in
16     my $domain = $AUTH_DOMAIN || $server_name;
17     -if ($b->host !~ m/\b$domain$/i) {
18     +if (! defined($back)) {
19     + $fatal="Missing redirection parameter: \"back\" <br />\nPlease manually enter the address you were trying to reach if you followed a link.<br />\n";
20     +}
21     +if (defined($back) && $b->host !~ m/\b$domain$/i) {
22     $fatal="Bad redirection parameter: \"$back\" is not an authorized redirection.<br />\nYou may be experiencing an attack.<br />\nLogin is not possible on the above URL for your own security.<br />\nPlease manually enter the address you were trying to reach if you followed a link.";
23     }
24    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed