Revision c416f6fa
Added by Jim Pingle about 4 years ago
| src/usr/local/captiveportal/index.php | ||
|---|---|---|
| 44 | 44 |
$orig_request = trim($_REQUEST['redirurl'], " /"); |
| 45 | 45 |
|
| 46 | 46 |
/* If the post-auth redirect is set, always use it. Otherwise take what was supplied in URL. */ |
| 47 |
if (!empty($cpcfg) && is_URL($cpcfg['redirurl'])) {
|
|
| 47 |
if (!empty($cpcfg) && is_URL($cpcfg['redirurl'], true)) {
|
|
| 48 | 48 |
$redirurl = $cpcfg['redirurl']; |
| 49 | 49 |
} elseif (preg_match("/redirurl=(.*)/", $orig_request, $matches)) {
|
| 50 | 50 |
$redirurl = urldecode($matches[1]); |
| ... | ... | |
| 52 | 52 |
$redirurl = $_REQUEST['redirurl']; |
| 53 | 53 |
} |
| 54 | 54 |
/* Sanity check: If the redirect target is not a URL, do not attempt to use it like one. */ |
| 55 |
if (!is_URL(urldecode($redirurl))) {
|
|
| 55 |
if (!is_URL(urldecode($redirurl), true)) {
|
|
| 56 | 56 |
$redirurl = ""; |
| 57 | 57 |
} |
| 58 | 58 |
|
| ... | ... | |
| 228 | 228 |
captiveportal_free_dn_ruleno($pipeno); |
| 229 | 229 |
$type = "error"; |
| 230 | 230 |
|
| 231 |
if (is_URL($auth_result['attributes']['url_redirection'])) {
|
|
| 231 |
if (is_URL($auth_result['attributes']['url_redirection'], true)) {
|
|
| 232 | 232 |
$redirurl = $auth_result['attributes']['url_redirection']; |
| 233 | 233 |
$type = "redir"; |
| 234 | 234 |
} |
Also available in: Unified diff
Portal Redir URL scheme check. Fixes #11843
HTTPS