Ermögliche Angabe einer Redirect-URL für den Cert-Login
bernd

bernd commited on 2009-04-30 19:27:39
Zeige 1 geänderte Dateien mit 6 Einfügungen und 2 Löschungen.


git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1355 87cf0b9e-d624-0410-a070-f6ee81989793
... ...
@@ -38,7 +38,7 @@ function get_logins_by_cert($cert)
38 38
 
39 39
 DEBUG($_ENV);
40 40
 
41
-if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']))
41
+if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
42 42
 {
43 43
   DEBUG('recording client-cert');
44 44
   if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']))
... ...
@@ -67,6 +67,8 @@ elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
67 67
       $destination = 'go/index/index';
68 68
       if (check_path($account['startpage']))
69 69
         $destination = $account['startpage'];
70
+      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
71
+        $destination = $_REQUEST['destination'];
70 72
       header('Location: ../'.$destination);
71 73
       die();
72 74
     }
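Review bot: The redirect target at new lines 70-71 is now chosen by `$_REQUEST['destination']`, and the only guard before `header('Location: ../'.$destination)` is `check_path()`, whose body is not part of this diff. It should be confirmed that `check_path()` rejects `..` segments and control characters, since the `../` prefix alone does not keep the target inside the application. `$_REQUEST` may also include cookies depending on `request_order`, so if the value only ever arrives in the query string I would read it from there: `if (isset($_GET['destination']) && check_path($_GET['destination']))`. The same two lines are repeated at new lines 92-93 in the next hunk, and a small helper returning the validated destination would keep both copies in sync. The enclosing branch begins and ends outside this hunk.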
... ...
@@ -87,6 +89,8 @@ else
87 89
       $destination = 'go/index/index';
88 90
       if (check_path($ret[0]['startpage']))
89 91
         $destination = $ret[0]['startpage'];
92
+      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
93
+        $destination = $_REQUEST['destination'];
90 94
       header('Location: ../'.$destination);
91 95
       die();
92 96
     }
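Review bot: `$destination` is assigned here only inside a block that ends in `die()`, but the account list later in this `else` branch (new line 107) builds its link from `urlencode($destination)`. Unless the variable is also set somewhere outside the visible hunks, that link carries an empty value and PHP raises an undefined-variable notice, so the requested destination is lost exactly when the user has to pick an account. Validating the request value once before the branches, e.g. `$requested = (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) ? $_REQUEST['destination'] : null;`, and appending `&destination=` to the link only when `$requested` is not null would avoid that. The `else` block starts and ends outside this hunk.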
... ...
@@ -100,7 +104,7 @@ else
100 104
       elseif ($account['type'] == 'customer') {
101 105
         $type = 'Kundenaccount';
102 106
       }
103
-      output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username'])).'</li>');
107
+      output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
104 108
     }
105 109
     output('</ul>');
106 110
   } else {
107 111