hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixes #4966

Browse Source
v1.18.x
Julian Lam 9 years ago
parent de49de3c56
commit 60ea7d5121
4 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File

2
app.js
Unescape Escape View File

@ -103,6 +103,8 @@ function loadConfig() {
nconf.set('themes_path', path.resolve(__dirname, nconf.get('themes_path')));
nconf.set('core_templates_path', path.join(__dirname, 'src/views'));
nconf.set('base_templates_path', path.join(nconf.get('themes_path'), 'nodebb-theme-persona/templates'));
nconf.set('url_parsed', url.parse(nconf.get('url')));
}

4
public/src/ajaxify.js
Unescape Escape View File

@ -334,9 +334,7 @@ $(document).ready(function() {
return;
}
var internalLink = this.host === '' || // Relative paths are always internal links
(this.host === window.location.host && this.protocol === window.location.protocol && // Otherwise need to check if protocol and host match
(RELATIVE_PATH.length > 0 ? this.pathname.indexOf(RELATIVE_PATH) === 0 : true)); // Subfolder installs need this additional check
var internalLink = utils.isInternalURI(this, window.location, RELATIVE_PATH);
if ($(this).attr('data-ajaxify') === 'false') {
if (!internalLink) {

8
public/src/utils.js
Unescape Escape View File

@ -431,6 +431,14 @@
}
return utils.props(obj[prop], newProps, value);
},
isInternalURI: function(targetLocation, referenceLocation, relative_path) {
return targetLocation.host === '' || // Relative paths are always internal links
(
targetLocation.host === referenceLocation.host && targetLocation.protocol === referenceLocation.protocol && // Otherwise need to check if protocol and host match
(relative_path.length > 0 ? targetLocation.pathname.indexOf(relative_path) === 0 : true) // Subfolder installs need this additional check
);
}
};

11
src/controllers/authentication.js
Unescape Escape View File

@ -6,6 +6,7 @@ var passport = require('passport');
var nconf = require('nconf');
var validator = require('validator');
var _ = require('underscore');
var url = require('url');
var db = require('../database');
var meta = require('../meta');
@ -168,7 +169,7 @@ authenticationController.registerComplete = function(req, res, next) {
} else {
res.redirect(nconf.get('relative_path') + '/');
}
}
};
async.parallel(callbacks, function(err) {
if (err) {
@ -187,7 +188,7 @@ authenticationController.registerComplete = function(req, res, next) {
});
};
authenticationController.registerAbort = function(req, res, next) {
authenticationController.registerAbort = function(req, res) {
// End the session and redirect to home
req.session.destroy(function() {
res.redirect(nconf.get('relative_path') + '/');
@ -197,7 +198,11 @@ authenticationController.registerAbort = function(req, res, next) {
authenticationController.login = function(req, res, next) {
// Handle returnTo data
if (req.body.hasOwnProperty('returnTo') && !req.session.returnTo) {
req.session.returnTo = req.body.returnTo;
// As req.body is data obtained via userland, it is untrusted, restrict to internal links only
var parsed = url.parse(req.body.returnTo);
var isInternal = utils.isInternalURI(url.parse(req.body.returnTo), nconf.get('url_parsed'), nconf.get('relative_path'));
req.session.returnTo = isInternal ? req.body.returnTo : nconf.get('url');
}
if (plugins.hasListeners('action:auth.overrideLogin')) {

Write Preview
Loading…
Cancel
Save