Project

General

Profile

Actions

Bug #6249

closed

Login redirect to invalid URLs

Added by krileon over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
17 October 2016
Due date:
% Done:

100%

Estimated time:

Description

Login redirect seams to be allowing redirect to URLs it shouldn't. For example if you're letting it return to the previous location then the previous location URL should be verified that it even makes sense. You shouldn't be able to login redirect to the confirmation page or registration page for example.

https://www.joomlapolis.com/forum/255-developer-members-support/235024-error-first-login#286982

Actions #1

Updated by krileon over 7 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Fixed in MR !1138

There was a missing return url check for the confirm page (check already existed for login, logout, register, and forgot login pages).

Actions #2

Updated by krileon over 7 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF