Bug 7959 - login source parameter should remain within OJS context
Status: NEW
Product: OJS
Classification: Unclassified
Component: Framework
Version: 2.4.x
Hardware: All All
Importance: P3 normal
Assigned To: PKP Support
Reported: 2012-10-10 06:28 PDT by Jason Nugent
Modified: 2012-10-10 06:28 PDT
CC List: 0 users

Description Jason Nugent 2012-10-10 06:28:57 PDT
It is currently possible to pass a fully qualified URL as the 'source' parameter, to be performed as a redirect once login occurs.  This parameter should be sanitized to only allow redirection to pages or components within the OJS installation.
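One way to implement the restriction requested above, as an added example that is not part of the bug report or of OJS's code. The helper name `safeLoginSource()`, the `$baseUrl` argument (standing for the installation's configured base URL) and the host `journal.example` are assumptions made for illustration.

```php
<?php
// Added example, not OJS code: safeLoginSource() and $baseUrl are hypothetical.
function safeLoginSource(?string $source, string $baseUrl): string
{
    $base = parse_url($baseUrl);
    $basePath = rtrim($base['path'] ?? '', '/');
    $fallback = $basePath . '/';
    // Reject empty input, control characters, spaces and backslashes
    // (browsers may treat "\" as "/", turning a path into "//host").
    if ($source === null || $source === ''
        || preg_match('/[\x00-\x20\x7f\\\\]/', $source)) {
        return $fallback;
    }
    $parts = parse_url($source);
    if ($parts === false) {
        return $fallback;
    }
    // An absolute URL must match the installation's scheme, host and port.
    if (isset($parts['scheme']) || isset($parts['host'])) {
        foreach (['scheme', 'host', 'port'] as $key) {
            $given = strtolower((string) ($parts[$key] ?? ''));
            $wanted = strtolower((string) ($base[$key] ?? ''));
            if ($given !== $wanted) {
                return $fallback;
            }
        }
    }
    // The path must sit under the base path, must not start with "//",
    // and must not climb out with ".." (checked after percent-decoding).
    $path = $parts['path'] ?? '';
    if (strpos($path, $basePath . '/') !== 0
        || strncmp($path, '//', 2) === 0
        || preg_match('#(^|/)\.\.(/|$)#', rawurldecode($path))) {
        return $fallback;
    }
    // Re-emit only path and query, so the redirect can never leave the host.
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// Constructed inputs; journal.example and other.example are placeholder hosts.
foreach ([
    '/ojs/index.php/demo/user',
    'https://journal.example/ojs/index.php/demo/author?x=1',
    'https://other.example/login',
    '//other.example/ojs/',
    '/ojs/../admin',
] as $s) {
    printf("%-55s => %s\n", $s, safeLoginSource($s, 'https://journal.example/ojs'));
}
```

Anything that fails a check falls back to the installation root rather than being repaired, and the returned value is always host-relative, so it can be passed to the redirect as is.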