auth/saml does not always do sensible redirection after login

Bug #836358 reported by PiersHarding
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | Medium | PiersHarding |

Bug Description

auth/saml does not correctly check that the 'wantsurl' value set for the redirection is sane, that it does not cause redirection loops, and that it does not send the user outside of the site.

Changed in mahara:
status: New → In Progress
assignee: nobody → PiersHarding (piersharding)
Changed in mahara:
importance: Undecided → Medium
Mahara Bot (dev-mahara) wrote: A change has been merged

Reviewed: https://reviews.mahara.org/618
Committed: http://gitorious.org/mahara/mahara/commit/a96a3e361a314f49bfd6bce723fc2611aa20df7a
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit a96a3e361a314f49bfd6bce723fc2611aa20df7a
Author: Piers Harding <email address hidden>
Date: Mon Aug 29 12:38:15 2011 +1200

    auth/saml sanitise user redirection (bug #836358)

    Ensure that the target 'wantsurl' for redirection
    is not back to itself, and is also within the
    current site.

    Change-Id: Ieb729e47b4cad3e52985e72065e6f8e8c8f338f7
    Signed-off-by: Piers Harding <email address hidden>

Changed in mahara:
milestone: none → 1.5.0
status: In Progress → Fix Committed
Melissa Draper (melissa)
Changed in mahara:
status: Fix Committed → Fix Released
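
The check the commit message describes (the 'wantsurl' target must not point back at the login endpoint and must stay within the current site), as an added PHP example that is not Mahara's code or the merged patch. The function names, the host names and the 'auth/saml/' endpoint path are assumptions made for illustration.

```php
<?php
// Added example, not Mahara's code. Requires PHP 7.1+.
// Normalised "scheme://host:port" for http(s) URLs, or null for anything else.
function url_origin($parts): ?string {
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) return null;
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') return null;
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    return $scheme . '://' . strtolower($parts['host']) . ':' . $port;
}
// Returns $wantsurl if it stays inside the site at $wwwroot and does not point
// back at $selfpath (the login endpoint, relative to $wwwroot); else $wwwroot.
function safe_wantsurl(string $wantsurl, string $wwwroot, string $selfpath): string {
    $root = parse_url($wwwroot);
    // Control characters, spaces and backslashes: browsers may rewrite "\" to "/".
    if ($wantsurl === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $wantsurl)) return $wwwroot;
    if ($wantsurl[0] === '/') {
        if (strncmp($wantsurl, '//', 2) === 0) return $wwwroot;   // scheme-relative: another host
        $wantsurl = url_origin($root) . $wantsurl;                // site-relative path
    }
    $target = parse_url($wantsurl);
    if (!is_array($target) || isset($target['user']) || isset($target['pass'])) return $wwwroot;
    // Exact origin match, so "site.example.evil.test" does not pass as "site.example".
    if (url_origin($target) === null || url_origin($target) !== url_origin($root)) return $wwwroot;
    $rootpath = rtrim($root['path'] ?? '', '/') . '/';
    $path = rawurldecode($target['path'] ?? '/');
    // Dot segments could climb out of the site's directory on the same host.
    if (in_array('..', explode('/', $path), true)) return $wwwroot;
    if (strncmp($path, $rootpath, strlen($rootpath)) !== 0) return $wwwroot;
    // Pointing back at the login endpoint would bounce the user in a loop.
    $relative = substr($path, strlen($rootpath));
    if (strncmp($relative, $selfpath, strlen($selfpath)) === 0) return $wwwroot;
    return $wantsurl;
}

// Constructed inputs; the host names and the endpoint path are placeholders.
$root = 'https://site.example/mahara/';
$self = 'auth/saml/';
foreach ([
    'https://site.example/mahara/view/view.php?id=3',  // kept
    '/mahara/artefact/blog/',                           // kept (made absolute)
    'https://site.example.evil.test/mahara/',           // other host
    '//evil.test/mahara/',                              // scheme-relative
    'https://site.example/mahara/auth/saml/index.php',  // loop
    'https://site.example/mahara/../admin/',            // leaves site path
    'ftp://site.example/mahara/',                       // not http(s)
] as $candidate) {
    printf("%-50s => %s\n", $candidate, safe_wantsurl($candidate, $root, $self));
}
```

Only the first two candidates are returned as redirect targets; every other one falls back to the site root.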
This report contains Public information  
Everyone can see this information.
