Project

General

Profile

Actions
Copy link

Bug #6249

closed

Login redirect to invalid URLs

Added by krileon about 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
krileon
Target version:
CB 2.1
Start date:
17 October 2016
Due date:
% Done:

100%

Estimated time:

Description

Login redirect seams to be allowing redirect to URLs it shouldn't. For example if you're letting it return to the previous location then the previous location URL should be verified that it even makes sense. You shouldn't be able to login redirect to the confirmation page or registration page for example.

https://www.joomlapolis.com/forum/255-developer-members-support/235024-error-first-login#286982

Actions
Copy link
 #1

Updated by krileon about 8 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Fixed in MR !1138

There was a missing return url check for the confirm page (check already existed for login, logout, register, and forgot login pages).

Actions
Copy link
 #2

Updated by krileon almost 8 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF