Revision c416f6fa
Added by Jim Pingle about 4 years ago
| src/etc/inc/captiveportal.inc | ||
|---|---|---|
| 2264 | 2264 |
|
| 2265 | 2265 |
/* Get captive portal layout */ |
| 2266 | 2266 |
if ($type == "redir") {
|
| 2267 |
$redirurl = is_URL($redirurl) ? $redirurl : $portal_url; |
|
| 2267 |
$redirurl = is_URL($redirurl, true) ? $redirurl : $portal_url;
|
|
| 2268 | 2268 |
header("Location: {$redirurl}");
|
| 2269 | 2269 |
return; |
| 2270 | 2270 |
} else if ($type == "login") {
|
| ... | ... | |
| 2665 | 2665 |
} |
| 2666 | 2666 |
} |
| 2667 | 2667 |
/* redirect user to desired destination */ |
| 2668 |
if (is_URL($attributes['url_redirection'])) {
|
|
| 2668 |
if (is_URL($attributes['url_redirection'], true)) {
|
|
| 2669 | 2669 |
$my_redirurl = $attributes['url_redirection']; |
| 2670 |
} else if (is_URL($config['captiveportal'][$cpzone]['redirurl'])) {
|
|
| 2670 |
} else if (is_URL($config['captiveportal'][$cpzone]['redirurl'], true)) {
|
|
| 2671 | 2671 |
$my_redirurl = $config['captiveportal'][$cpzone]['redirurl']; |
| 2672 |
} else if (is_URL($redirurl)) {
|
|
| 2672 |
} else if (is_URL($redirurl, true)) {
|
|
| 2673 | 2673 |
$my_redirurl = $redirurl; |
| 2674 | 2674 |
} |
| 2675 | 2675 |
|
| src/etc/inc/util.inc | ||
|---|---|---|
| 2511 | 2511 |
* NAME |
| 2512 | 2512 |
* is_URL |
| 2513 | 2513 |
* INPUTS |
| 2514 |
* string to check |
|
| 2514 |
* $url: string to check |
|
| 2515 |
* $httponly: Only allow HTTP or HTTPS scheme |
|
| 2515 | 2516 |
* RESULT |
| 2516 | 2517 |
* Returns true if item is a URL |
| 2517 | 2518 |
******/ |
| 2518 |
function is_URL($url) {
|
|
| 2519 |
function is_URL($url, $httponly = false) {
|
|
| 2519 | 2520 |
$match = preg_match("'\b(([\w-]+://?|www[.])[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|/)))'", $url);
|
| 2520 | 2521 |
if ($match) {
|
| 2521 |
return true; |
|
| 2522 |
if ($httponly) {
|
|
| 2523 |
$urlparts = parse_url($url); |
|
| 2524 |
return in_array(strtolower($urlparts['scheme']), array('http', 'https'));
|
|
| 2525 |
} else {
|
|
| 2526 |
return true; |
|
| 2527 |
} |
|
| 2522 | 2528 |
} |
| 2523 | 2529 |
return false; |
| 2524 | 2530 |
} |
| src/usr/local/captiveportal/index.php | ||
|---|---|---|
| 44 | 44 |
$orig_request = trim($_REQUEST['redirurl'], " /"); |
| 45 | 45 |
|
| 46 | 46 |
/* If the post-auth redirect is set, always use it. Otherwise take what was supplied in URL. */ |
| 47 |
if (!empty($cpcfg) && is_URL($cpcfg['redirurl'])) {
|
|
| 47 |
if (!empty($cpcfg) && is_URL($cpcfg['redirurl'], true)) {
|
|
| 48 | 48 |
$redirurl = $cpcfg['redirurl']; |
| 49 | 49 |
} elseif (preg_match("/redirurl=(.*)/", $orig_request, $matches)) {
|
| 50 | 50 |
$redirurl = urldecode($matches[1]); |
| ... | ... | |
| 52 | 52 |
$redirurl = $_REQUEST['redirurl']; |
| 53 | 53 |
} |
| 54 | 54 |
/* Sanity check: If the redirect target is not a URL, do not attempt to use it like one. */ |
| 55 |
if (!is_URL(urldecode($redirurl))) {
|
|
| 55 |
if (!is_URL(urldecode($redirurl), true)) {
|
|
| 56 | 56 |
$redirurl = ""; |
| 57 | 57 |
} |
| 58 | 58 |
|
| ... | ... | |
| 228 | 228 |
captiveportal_free_dn_ruleno($pipeno); |
| 229 | 229 |
$type = "error"; |
| 230 | 230 |
|
| 231 |
if (is_URL($auth_result['attributes']['url_redirection'])) {
|
|
| 231 |
if (is_URL($auth_result['attributes']['url_redirection'], true)) {
|
|
| 232 | 232 |
$redirurl = $auth_result['attributes']['url_redirection']; |
| 233 | 233 |
$type = "redir"; |
| 234 | 234 |
} |
Also available in: Unified diff
Portal Redir URL scheme check. Fixes #11843
HTTPS