[Owncloud] fixed redirect to desired page after login

Michael Gapczynski mtgap at owncloud.com
Fri May 18 16:32:26 UTC 2012


It seems that the redirect isn't working with or without sanitizing the 
redirect_url. I'm still trying to figure out what is going on with this.

I know the tar-file is being generated today, but is there a specific time?


Michael

On Friday, May 18, 2012 03:42:24 PM Frank Karlitschek wrote:
> Thanks :-)
> 
> On 18.05.2012, at 15:41, Michiel de Jong <michiel at unhosted.org> wrote:
> > ok, i put it back.
> > 
> > this still needs to be fixed properly though.
> > 
> >> On Fri, May 18, 2012 at 3:36 PM, Frank Karlitschek <frank at owncloud.org> wrote:
> >> Attackers can do evil stuff if you don't filter header entries.
> >> This code was introduced as part of a security fix a few weeks ago.
> >> 
> >> On 18.05.2012, at 15:20, Michiel de Jong <michiel at unhosted.org> wrote:
> >>> how? it's a header() call.
> >>> 
> >>> ah i just found MTGap on irc. thanks!
> >>> 
> >>> On Fri, May 18, 2012 at 3:18 PM, Frank Karlitschek <frank at owncloud.org> wrote:
> >>>> On 18.05.2012, at 15:16, Michiel de Jong <michiel at unhosted.org> wrote:
> >>>>> Hi!
> >>>>> 
> >>>>> Since the new routing, if the user is made to log in, we were always
> >>>>> sending her to the 'files' app, not to the page where she actually
> >>>>> wanted to go. There was also htmlentities() in the redirect header
> >>>>> which made no sense IMO.
> >>>>> 
> >>>>> As this is quite important code, i was waiting for someone in
> >>>>> owncloud-dev to look at it together, but in the end i just committed
> >>>>> this:
> >>>>> 
> >>>>> http://gitorious.org/owncloud/owncloud/commit/ea33b4aaa104252ff344e93a434e6c2eedcf438b/diffs/9b5e8a2c634e07d9c6e1693158e224eda7e5f673
> >>>> 
> >>>> This introduces a XSS bug.
> >>>> Please revert
> >>>> 
> >>>>> So maybe Georg or someone else should check if this is what was
> >>>>> intended. At least it was broken before, and this commit fixes it.
> >>>>> Have a nice release! tomorrow, right?
> >>>>> 
> >>>>> 
> >>>>> cheers,
> >>>>> Michiel
> >>>>> _______________________________________________
> >>>>> Owncloud mailing list
> >>>>> Owncloud at kde.org
> >>>>> https://mail.kde.org/mailman/listinfo/owncloud
> >>> 
> 
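
Added example, not part of the original thread and not ownCloud's code: one way to handle a post-login `redirect_url` so that the value is validated for the `Location` header and HTML-encoded only where it is written into HTML, which is why `htmlentities()` on the header alters legitimate targets. The helper name `safe_redirect_target`, the default path `/index.php` and the sample values are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not ownCloud code): choose the post-login redirect target.
// $default is an assumed landing path.
function safe_redirect_target(?string $requested, string $default = '/index.php'): string
{
    if ($requested === null || $requested === '') {
        return $default;
    }
    // CR, LF, NUL and other control characters never belong in a header value.
    if (preg_match('/[\x00-\x1f\x7f]/', $requested)) {
        return $default;
    }
    // Backslashes are treated as slashes by some browsers; refuse them outright.
    if (strpos($requested, '\\') !== false) {
        return $default;
    }
    // Accept only a local absolute path: exactly one leading slash, which rules
    // out schemes ("https:", "javascript:") and protocol-relative "//host".
    if (!preg_match('#^/(?!/)#', $requested)) {
        return $default;
    }
    return $requested;
}

// Constructed sample values for redirect_url.
$samples = [
    '/index.php/apps/calendar?view=week&date=2012-05-18', // legitimate deep link
    "/index.php\r\nX-Injected: 1",                        // embedded CRLF
    '//example.org/login',                                // protocol-relative URL
    'https://example.org/',                               // absolute URL, other host
    '',                                                   // nothing requested
];

foreach ($samples as $s) {
    $target = safe_redirect_target($s);
    echo json_encode($s), ' -> ', $target, "\n";
    // What htmlentities() would have put into the Location header instead:
    echo '    htmlentities: ', htmlentities($target), "\n";
}

// Header context: send the validated value unchanged.
//   header('Location: ' . $target);
// HTML context (assumed: the value is echoed into the login form): encode there.
//   echo '<input type="hidden" name="redirect_url" value="'
//      . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '">';
```

For the first sample the `htmlentities` line shows `&amp;date=` in place of `&date=`, so the browser would be sent to a different query string than the one the user requested.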


