auth/saml does not always do sensible redirection after login
Bug #836358 reported by PiersHarding
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Fix Released | Medium | PiersHarding |
Bug Description
auth/saml does not check correctly that the 'wantsurl' value set for the redirection is sane, and does not cause redirection loops, or send the user outside of the site.
Changed in mahara:
status: New → In Progress
assignee: nobody → PiersHarding (piersharding)
Changed in mahara:
importance: Undecided → Medium
Changed in mahara:
milestone: none → 1.5.0
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
Reviewed: https://reviews.mahara.org/618
Committed: http://gitorious.org/mahara/mahara/commit/a96a3e361a314f49bfd6bce723fc2611aa20df7a
Submitter: Hugh Davenport (<email address hidden>)
Branch: master
commit a96a3e361a314f49bfd6bce723fc2611aa20df7a
Author: Piers Harding <email address hidden>
Date: Mon Aug 29 12:38:15 2011 +1200
auth/saml sanitise user redirection (bug #836358)
Ensure that the target 'wantsurl' for redirection
is not back to itself, and is also within the
current site.
Change-Id: Ieb729e47b4cad3e52985e72065e6f8e8c8f338f7
Signed-off-by: Piers Harding <email address hidden>
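
The two checks named in the commit message (target is not the login script itself, and is within the current site) can be written as below. This is an added example, not the code from the Mahara commit; `safe_wantsurl`, `effective_port`, `$wwwroot`, `$selfPath` and the sample URLs are assumptions made for illustration.

```php
<?php
// Added illustration, not Mahara's code. $wwwroot (site base URL) and
// $selfPath (path of the SAML login script) are assumed inputs.

function effective_port(array $u): int {
    return $u['port'] ?? (strtolower($u['scheme']) === 'https' ? 443 : 80);
}

// Return $wantsurl if it is a safe post-login target, else $wwwroot.
function safe_wantsurl(string $wantsurl, string $wwwroot, string $selfPath): string {
    // Whitespace, control characters and backslashes are parsed
    // differently by browsers and by parse_url(); refuse them outright.
    if ($wantsurl === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $wantsurl)) {
        return $wwwroot;
    }
    $base = parse_url($wwwroot);
    $target = parse_url($wantsurl);
    // Require an absolute http(s) URL; "//host/..." and "javascript:" fail here.
    if (!is_array($target) || !isset($target['scheme'], $target['host'])
        || !in_array(strtolower($target['scheme']), ['http', 'https'], true)) {
        return $wwwroot;
    }
    // Must be the same origin (scheme, host, port) as the site.
    if (strtolower($target['scheme']) !== strtolower($base['scheme'])
        || strcasecmp($target['host'], $base['host']) !== 0
        || effective_port($target) !== effective_port($base)) {
        return $wwwroot;
    }
    // Must sit under the site's base path, with no dot segments that a
    // browser would collapse to a path outside it.
    $basePath = rtrim($base['path'] ?? '', '/') . '/';
    $path = rawurldecode($target['path'] ?? '/');
    if (strncmp($path, $basePath, strlen($basePath)) !== 0
        || preg_match('#(^|/)\.\.?(/|$)#', $path)
        || $path === $selfPath) {   // login script itself: redirection loop
        return $wwwroot;
    }
    return $wantsurl;
}

// Constructed sample inputs.
$root = 'https://mahara.example/portfolio/';
$self = '/portfolio/auth/saml/index.php';
foreach (['https://mahara.example/portfolio/view/index.php?id=3',
          'https://mahara.example/portfolio/auth/saml/index.php',
          'https://mahara.example.attacker.example/portfolio/',
          '//attacker.example/portfolio/'] as $u) {
    echo $u, ' => ', safe_wantsurl($u, $root, $self), PHP_EOL;
}
```

Comparing parsed scheme, host and port rather than testing whether the string starts with the site URL is what rejects the look-alike host in the third sample.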