FS#67615 - [aurweb] Login page id_referer does not match http referer
Attached to Project:
AUR web interface
Opened by Lee (faultylee) - Monday, 17 August 2020, 02:02 GMT
Last edited by Kevin Morris (kevr) - Saturday, 12 February 2022, 23:28 GMT
Details
* What happened?
I was at https://aur.archlinux.org/packages/systemd-cron-next/ and I went to log in, and after logging in I was redirected to https://aur.archlinux.org/packages/osu-lazer/. After trying this a few times, I noticed this is happening randomly. I then poked at the login page and noticed the hidden input for `id_referer` contains a wrong value, not the original referrer, and I verified that the referrer in the request header was indeed correct.
* What to expect?
After login, the browser should redirect to the original page. The hidden input `id_referer` in the login page should contain the correct referrer in the request header for the login page.
* Remark
I took a look at the aurweb source code and I'm not a PHP expert, but the code looks right. The only thing I can suspect is the global variable leaking somewhere.
Closed by Kevin Morris (kevr)
Saturday, 12 February 2022, 23:28 GMT
Reason for closing: Deferred
Additional comments about closing: The HTTP referrer handling has changed since v6.0.0. Please open a new task regarding this issue if it remains.
<?php if (in_request('referer') !== ""): ?>
<input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars(in_request('referer'), ENT_QUOTES) ?>" />
<?php elseif (isset($_SERVER['HTTP_REFERER'])): ?>
<input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" />
<?php endif; ?>