PKP Bugzilla – Bug 7959
login source parameter should remain within OJS context
Last modified: 2012-10-10 06:28:57 PDT
We are moving to Git Issues for bug tracking in future releases. During transition, content will be in both tools. If you'd like to file a new bug, please create an issue.
It is currently possible to pass a fully qualified URL as the 'source' parameter, to be performed as a redirect once login occurs. This parameter should be sanitized to only allow redirection to pages or components within the OJS installation.