MantisBT: master-1.2.x d95f070d

Author: dregad
Committer: dregad
Branch: master-1.2.x
Timestamp: 2015-01-10 12:25
Parent: master-1.2.x 5571bcf9
Affected Issues:
  0017648: CVE-2014-6316: URL redirection issue
  0017997: CVE-2015-1042: URL redirection issue
Changeset

Fix URL redirection issue in login_page.php

The fix for issue 0017648 failed to correct all cases of redirection.

Alejo Popovici discovered that the regex checking for URLs pointing to
other domains considered a URL with a single '/' as local, allowing
redirection e.g. to http:/google.com on certain browsers.

Fixes 0017997 (CVE-2014-6316)

mod - core/string_api.php
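
The flaw the commit message describes, as an added example in JavaScript (not MantisBT's code, which is PHP): a check that only treats `scheme://` or `//` as off-site passes `http:/google.com`, while resolving the target the way a browser does and comparing origins rejects it. The regex, the function names and the `tracker.example` origin are assumptions made for illustration.

```javascript
// Added example: illustrative names and regex, not MantisBT's code.
const APP_ORIGIN = 'https://tracker.example'; // hypothetical site origin

// Flawed check: a target is "remote" only if it starts with scheme:// or //.
function naiveIsLocal(target) {
  return !/^([a-z][a-z0-9+.-]*:)?\/\//i.test(target);
}

// Hardened check: resolve the target against the site the way a browser
// would, then require the result to stay on the site's own origin.
function resolveLocal(target, appOrigin = APP_ORIGIN) {
  if (typeof target !== 'string' || target === '') return null;
  let resolved;
  try {
    resolved = new URL(target, appOrigin + '/');
  } catch {
    return null; // unparseable input is never a valid redirect target
  }
  return resolved.origin === new URL(appOrigin).origin ? resolved : null;
}

function isLocalRedirect(target, appOrigin = APP_ORIGIN) {
  return resolveLocal(target, appOrigin) !== null;
}

// Always hand back an absolute URL so the Location value cannot be
// reinterpreted by a lenient client; fall back to the site root otherwise.
function safeRedirectTarget(target, appOrigin = APP_ORIGIN) {
  const resolved = resolveLocal(target, appOrigin);
  return resolved ? resolved.href : appOrigin + '/';
}

// Constructed sample inputs.
for (const t of ['/issues/view?id=1', 'http://google.com', '//google.com', 'http:/google.com']) {
  console.log(t.padEnd(20), 'naive:', naiveIsLocal(t),
    'hardened:', isLocalRedirect(t), '->', safeRedirectTarget(t));
}
```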