Fix redirect after login, prevent open redirects

diff --git a/index.php b/index.php
index 94b9def0b41aac826fc3b896eba0d110990db560..690fc90e7524007281bd1fc360573178dd32717b 100644 (file)
--- a/index.php
+++ b/index.php
@@ -117,6 +117,7 @@ elseif(OC_User::isLoggedIn()) {
        if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
                $sectoken=rand(1000000,9999999);
                $_SESSION['sectoken']=$sectoken;
-               OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => substr($_SERVER['REQUEST_URI'], 1)));
+               $redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI'];
+               OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
        }
 }

diff --git a/lib/util.php b/lib/util.php
index 0e5f3a7362ced18699897b2674d7002d91f46f47..d8f440c1d2dde810e03b580ebc156a53c09f9c50 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -311,8 +311,8 @@ class OC_Util {
        * Redirect to the user default page
        */
        public static function redirectToDefaultPage(){
-               if(isset($_REQUEST['redirect_url'])) {
-                       header( 'Location: /'.htmlentities($_REQUEST['redirect_url']));
+               if(isset($_REQUEST['redirect_url']) && substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT) {
+                       header( 'Location: '.$_REQUEST['redirect_url']);
                } else {
                        header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
                }