Commit ee24bd4
authored
Fix an open redirect weakness in getLoginRedirect() (#795)
Because of how browsers handle the `Location` header, values beginning
with `\` can be leveraged to create redirect targets on other domains.
Thanks to Volker Dusch and the PHP Ecosystem security team for reporting this.1 parent 6d6cc71 commit ee24bd4
2 files changed
Lines changed: 49 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
398 | 398 | | |
399 | 399 | | |
400 | 400 | | |
| 401 | + | |
401 | 402 | | |
402 | | - | |
| 403 | + | |
| 404 | + | |
| 405 | + | |
| 406 | + | |
| 407 | + | |
| 408 | + | |
| 409 | + | |
| 410 | + | |
| 411 | + | |
| 412 | + | |
| 413 | + | |
403 | 414 | | |
404 | 415 | | |
405 | 416 | | |
406 | 417 | | |
407 | 418 | | |
408 | 419 | | |
409 | 420 | | |
| 421 | + | |
| 422 | + | |
| 423 | + | |
410 | 424 | | |
411 | 425 | | |
412 | 426 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
822 | 822 | | |
823 | 823 | | |
824 | 824 | | |
825 | | - | |
| 825 | + | |
826 | 826 | | |
827 | 827 | | |
828 | 828 | | |
| |||
863 | 863 | | |
864 | 864 | | |
865 | 865 | | |
| 866 | + | |
| 867 | + | |
| 868 | + | |
| 869 | + | |
| 870 | + | |
| 871 | + | |
| 872 | + | |
| 873 | + | |
| 874 | + | |
| 875 | + | |
| 876 | + | |
| 877 | + | |
| 878 | + | |
| 879 | + | |
| 880 | + | |
| 881 | + | |
| 882 | + | |
| 883 | + | |
| 884 | + | |
| 885 | + | |
| 886 | + | |
| 887 | + | |
| 888 | + | |
| 889 | + | |
| 890 | + | |
| 891 | + | |
| 892 | + | |
| 893 | + | |
| 894 | + | |
| 895 | + | |
| 896 | + | |
| 897 | + | |
| 898 | + | |
866 | 899 | | |
867 | 900 | | |
868 | 901 | | |
| |||
0 commit comments