PKP Bugzilla – Bug 7959
login source parameter should remain within OJS context
Last modified: 2012-10-10 06:28:57 PDT
It is currently possible to pass a fully qualified URL as the 'source' parameter, to be performed as a redirect once login occurs. This parameter should be sanitized to only allow redirection to pages or components within the OJS installation.