/[smeserver]/rpms/e-smith-manager/sme9/e-smith-manager-2.6.0-bz10187-emptyback.patch
ViewVC logotype

Contents of /rpms/e-smith-manager/sme9/e-smith-manager-2.6.0-bz10187-emptyback.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Mon Mar 27 22:48:06 2017 UTC (7 years, 7 months ago) by unnilennium
Branch: MAIN
CVS Tags: e-smith-manager-2_6_0-23_el6_sme, e-smith-manager-2_6_0-22_el6_sme, e-smith-manager-2_6_0-21_el6_sme, e-smith-manager-2_6_0-24_el6_sme, e-smith-manager-2_6_0-20_el6_sme, e-smith-manager-2_6_0-25_el6_sme, e-smith-manager-2_6_0-19_el6_sme, e-smith-manager-2_6_0-18_el6_sme, HEAD
Changes since 1.1: +1 -1 lines
* Mon Mar 27 2017 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-18.sme
- fix  typo in e-smith-manager-2.6.0-bz10187-emptyback.patch [SME: 10187]

1 diff -Nur e-smith-manager-2.8.0.old/root/etc/e-smith/web/common/cgi-bin/login e-smith-manager-2.8.0/root/etc/e-smith/web/common/cgi-bin/login
2 --- e-smith-manager-2.8.0.old/root/etc/e-smith/web/common/cgi-bin/login 2017-03-25 23:40:27.418000000 -0400
3 +++ e-smith-manager-2.8.0/root/etc/e-smith/web/common/cgi-bin/login 2017-03-25 23:45:23.288000000 -0400
4 @@ -101,7 +101,7 @@
5 #warn "back from cgi param is $back\n" if $back;
6 $back ||= $ENV{HTTP_REFERER} if $ENV{HTTP_REFERER} && $BACK_REFERER;
7 $back = uri_unescape($back) if $back && $back =~ m/^https?%3A%2F%2F/i;
8 -$back =~ s/^http:/https:/ if $server_name ne 'localhost';
9 +$back =~ s/^http:/https:/ if $server_name ne 'localhost' && defined($back);
10 #warn "back is $back\n";
11 if ($back && $back =~ m!^/!) {
12 my $hostname = $server_name;
13 @@ -132,7 +132,10 @@
14 my $b = URI->new($back);
15 # If $back domain doesn't match $AUTH_DOMAIN, stop there do not give opportunity to log in
16 my $domain = $AUTH_DOMAIN || $server_name;
17 -if ($b->host !~ m/\b$domain$/i) {
18 +if (! defined($back)) {
19 + $fatal="Missing redirection parameter: \"back\" <br />\nPlease manually enter the address you were trying to reach if you followed a link.<br />\n";
20 +}
21 +if (defined($back) && $b->host !~ m/\b$domain$/i) {
22 $fatal="Bad redirection parameter: \"$back\" is not an authorized redirection.<br />\nYou may be experiencing an attack.<br />\nLogin is not possible on the above URL for your own security.<br />\nPlease manually enter the address you were trying to reach if you followed a link.";
23 }
24

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed