Bug 7959

Summary: login source parameter should remain within OJS context
Product: OJS
Reporter: Jason Nugent <jason.nugent>
Component: Framework
Assignee: PKP Support <pkp-support>
Status: NEW
Severity: normal
Priority: P3
Version: 2.4.x
Hardware: All
OS: All
Version Reported In:
Also Affects:

Description Jason Nugent 2012-10-10 06:28:57 PDT
It is currently possible to pass a fully qualified URL as the 'source' parameter, to be performed as a redirect once login occurs.  This parameter should be sanitized to only allow redirection to pages or components within the OJS installation.
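
One way to implement the check the report asks for, as an added example that is not OJS code: the function name `isSafeLoginSource`, the base URL and the sample inputs are assumptions constructed for illustration. A `source` value is accepted only when it is a rooted path, or an absolute URL with the installation's own scheme, host and port, and its path stays under the installation's base path.

```php
<?php
// Added illustration, not OJS code. The function name and base URL are hypothetical.
function isSafeLoginSource(string $source, string $baseUrl): bool
{
    // Reject control characters, spaces and backslashes (browsers read "\" as "/").
    if ($source === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $source)) {
        return false;
    }
    $base = parse_url($baseUrl);
    $basePath = rtrim($base['path'] ?? '', '/') . '/';
    if ($source[0] === '/' && substr($source, 0, 2) !== '//') {
        // Rooted path such as /ojs/index.php/journal/user: same origin by construction.
        $path = parse_url($source, PHP_URL_PATH);
    } else {
        // Otherwise require an absolute URL on the installation's own origin;
        // scheme-relative (//host), scheme-only and relative forms fail here.
        $target = parse_url($source);
        if (!is_array($target) || !isset($target['scheme'], $target['host'])
            || isset($target['user'])
            || strcasecmp($target['scheme'], $base['scheme']) !== 0
            || strcasecmp($target['host'], $base['host']) !== 0
            || ($target['port'] ?? null) !== ($base['port'] ?? null)) {
            return false;
        }
        $path = $target['path'] ?? '/';
    }
    if (!is_string($path)) {
        return false;
    }
    // Refuse dot segments (also when percent-encoded), then require the base path prefix.
    $decoded = rawurldecode($path);
    if (preg_match('#(^|/)\.\.(/|$)#', $decoded)) {
        return false;
    }
    return strncmp($decoded . '/', $basePath, strlen($basePath)) === 0;
}

// Constructed sample values for the 'source' parameter.
$base = 'https://journal.example.org/ojs';
foreach ([
    '/ojs/index.php/journal/user',
    'https://journal.example.org/ojs/index.php/index/login',
    'https://attacker.example/ojs/',
    '//attacker.example/ojs/',
    '/ojs/../admin',
    'https://journal.example.org@attacker.example/ojs/',
] as $candidate) {
    printf("%-55s %s\n", $candidate, isSafeLoginSource($candidate, $base) ? 'allow' : 'reject');
}
```

When the check fails, the login handler should fall back to a fixed in-application landing page rather than redirecting to the supplied value.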