Encodes correctly the login regirect URL parameters

main
Yasen Pramatarov 2025-12-15 18:27:47 +02:00
parent b239b73689
commit a272294fc0
2 changed files with 5 additions and 3 deletions


@ -300,6 +300,6 @@ function handleSuccessfulLogin($userId, $username, $rememberMe, $config, $app_ro
) { ) {
$redirect = $candidate; $redirect = $candidate;
} }
header('Location: ' . htmlspecialchars($redirect)); header('Location: ' . $redirect);
exit(); exit();
} }
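Review bot: With the HTML escaping removed, `$redirect` reaches the `Location` header exactly as the `) { $redirect = $candidate; }` branch left it, so that condition is the only control between a user-supplied value and an off-site redirect. The condition and the rest of handleSuccessfulLogin start above this hunk, so what it accepts cannot be confirmed from here; it should admit only same-site paths (one leading `/`, no `//`, no backslash, no scheme or host). Dropping `htmlspecialchars()` is correct for a header context, and a comment on the `header()` line would keep it from being re-added later: `// HTTP header, not HTML: no htmlspecialchars(); $redirect must already be validated as a local path`.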


@ -43,8 +43,10 @@
<i class="fas fa-sign-in-alt me-2"></i>Sign in <i class="fas fa-sign-in-alt me-2"></i>Sign in
</button> </button>
</div> </div>
<?php if (isset($_GET['redirect'])): ?> <?php if (isset($_GET['redirect'])):
<input type="hidden" name="redirect" value="<?php echo htmlspecialchars($_GET['redirect']); ?>"> $loginRawRedirect = $_GET['redirect'];
?>
<input type="hidden" name="redirect" value="<?= htmlspecialchars($loginRawRedirect, ENT_QUOTES, 'UTF-8'); ?>">
<?php endif; ?> <?php endif; ?>
</form> </form>
</div> </div>
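Review bot: `isset($_GET['redirect'])` is also true when the parameter arrives as an array, and `htmlspecialchars()` then receives a non-string (a TypeError on PHP 8), so a crafted link can make the login page error out instead of rendering. Guard the type in the condition: `<?php if (isset($_GET['redirect']) && is_string($_GET['redirect'])):`. Passing `ENT_QUOTES` alone also drops `ENT_SUBSTITUTE`, so invalid UTF-8 in the parameter produces an empty value; `ENT_QUOTES | ENT_SUBSTITUTE` avoids that. The hidden field is still client-controlled when the form posts it back, so the server-side check in the login handler remains the actual control.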