From f86606bc6691ec82afffc35ace72af9b93264b11 Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Fri, 17 Jan 2020 16:09:03 +0100
Subject: [PATCH 1/2] secured redirect code in login form.

---
 src/include/functions_common.php | 9 +++++++++
 src/include/functions_users.php | 2 ++
 src/login.php | 1 +
 src/userchange.php | 2 +-
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/include/functions_common.php b/src/include/functions_common.php
index c599cee..5bf7ea7 100644
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
@@ -1278,6 +1278,15 @@ function IncludeLanguageFile( $langfile, $failOnError = true )
 }
 }
 
+function SecureRedirect( $szRedir )
+{
+ // Remove any domains from URI
+ $szRedir = parse_url($szRedir, PHP_URL_PATH);
+ if (strlen($szRedir) == 0)
+ $szRedir = "index.php";
+ return $szRedir;
+}
+
 function RedirectPage( $newpage )
 {
 header("Location: $newpage");
diff --git a/src/include/functions_users.php b/src/include/functions_users.php
index d962d88..216947d 100644
--- a/src/include/functions_users.php
+++ b/src/include/functions_users.php
@@ -464,6 +464,7 @@ function RedirectToUserLogin()
 $referer = $_SERVER['PHP_SELF'];
 if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
 $referer .= "?" . $_SERVER['QUERY_STRING'];
+ $referer = SecureRedirect($referer);
 header("Location: " . $content['BASEPATH'] . "login.php?referer=" . urlencode($referer) );
 exit;
 
@@ -477,6 +478,7 @@ function RedirectToDatabaseUpgrade()
 $referer = $_SERVER['PHP_SELF'];
 if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
 $referer .= "?" . $_SERVER['QUERY_STRING'];
+ $referer = SecureRedirect($referer);
 header("Location: " . $content['BASEPATH'] . "admin/upgrade.php?referer=" . urlencode($referer) );
 exit;
 
diff --git a/src/login.php b/src/login.php
index cc35311..acbbe31 100644
--- a/src/login.php
+++ b/src/login.php
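Review bot: SecureRedirect() keeps only what parse_url() reports as the path, which drops an explicit host but does not verify that the result stays on this site: a value that still begins with `//` or contains a backslash can be interpreted scheme-relative by browsers once it reaches `header("Location: $newpage")` in RedirectPage(), and parse_url() returns null or false for a missing or unparsable path, which `strlen()` accepts silently (and warns about from PHP 8.1). A tighter check would be `$szPath = parse_url($szRedir, PHP_URL_PATH);` / `if (!is_string($szPath) || $szPath === "" || strpos($szPath, "\\") !== false || substr($szPath, 0, 2) === "//") return "index.php";` / `return $szPath;`. Note also that PHP_URL_PATH discards the query string, so the `QUERY_STRING` that the RedirectToUserLogin and RedirectToDatabaseUpgrade hunks append to `$referer` immediately before calling SecureRedirect() is thrown away before it is urlencoded; if the query is meant to survive, re-attach `parse_url($szRedir, PHP_URL_QUERY)` after the path has passed the check. A short docblock stating that the function returns a local path or `index.php` and never a host would make the contract explicit for its three callers.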
@@ -63,6 +63,7 @@ else if ( isset($_POST['referer']) )
 $szRedir = htmlspecialchars($_POST['referer']);
 else
 $szRedir = "index.php"; // Default
+$szRedir = SecureRedirect($szRedir);
 
 if ( isset($_POST['op']) && $_POST['op'] == "login" )
 {
diff --git a/src/userchange.php b/src/userchange.php
index 26812ed..0ca3664 100644
--- a/src/userchange.php
+++ b/src/userchange.php
@@ -50,7 +50,7 @@ if ( isset($_SERVER['HTTP_REFERER']) )
 $szRedir = $_SERVER['HTTP_REFERER'];
 else
 $szRedir = "index.php"; // Default
-
+$szRedir = SecureRedirect($szRedir);
 
 if ( isset($_GET['op']) )
 {

From e833ca4e98757ef028ff0e61e8faa4796bd50b4e Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Fri, 17 Jan 2020 16:25:05 +0100
Subject: [PATCH 2/2] Finalized Version 4.1.9

---
 ChangeLog | 7 +++++++
 src/include/functions_common.php | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 9d0cbb7..24f5012 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,11 @@
 ---------------------------------------------------------------------------
+Version 4.1.9 (stable), 2020-01-17
+- UserDB: Corrrected sourceid type of reports database with database
+ update (v12) thanks to spacecabbie on github.
+- Fixed Links in Helpmenu (thanks to spacecabbie on github).
+- Secured redirect code in login form, thanks for reporting to:
+ Amal Thamban , Kamal Paul
+---------------------------------------------------------------------------
 Version 4.1.8 (stable), 2019-09-26
 - Add new driver for DBMS ClickHouse
 - php7.x: fixed multiple compatibility issues.
diff --git a/src/include/functions_common.php b/src/include/functions_common.php
index 5bf7ea7..ad4b2e2 100644
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
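Review bot: In the login.php hunk the value passed to SecureRedirect() has already been through `htmlspecialchars()` on the line above, so the string parsed as a URL and, presumably, later sent as the redirect target is HTML-escaped rather than the raw path; HTML escaping belongs at the point where `$szRedir` is echoed into the page, while the redirect should use the sanitized path itself. Since the new call normalises every branch, the POST branch could read `$szRedir = $_POST['referer'];` with `htmlspecialchars()` applied at the output site instead. The if/else chain that sets `$szRedir` begins before the hunk in both login.php and userchange.php, and the branches set earlier are covered only because the call is placed after the whole chain, which deserves a comment such as `// Always normalise the redirect target, whichever branch set it`.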
@@ -65,7 +65,7 @@ $LANG_EN = "en"; // Used for fallback
 $LANG = "en"; // Default language
 
 // Default Template vars
-$content['BUILDNUMBER'] = "4.1.8";
+$content['BUILDNUMBER'] = "4.1.9";
 $content['UPDATEURL'] = "http://loganalyzer.adiscon.com/files/version.txt";
 $content['TITLE'] = "Adiscon LogAnalyzer :: Release " . $content['BUILDNUMBER']; // Default page title
 $content['BASEPATH'] = $gl_root_path;