mahara-contributors team mailing list archive

Thread
Date

[Bug 836358] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <836358@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Aug 2011 03:53:56 -0000
Reply-to: Bug 836358 <836358@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/618
Committed: http://gitorious.org/mahara/mahara/commit/a96a3e361a314f49bfd6bce723fc2611aa20df7a
Submitter: Hugh Davenport (hugh@xxxxxxxxxxxxxxx)
Branch:    master

commit a96a3e361a314f49bfd6bce723fc2611aa20df7a
Author: Piers Harding <piers@xxxxxxxxxxxxxxx>
Date:   Mon Aug 29 12:38:15 2011 +1200

    auth/saml sanitise user redirection (bug #836358)
    
    Ensure that the target 'wantsurl' for redirection
    is not back to itself, and is also within the
    current site.
    
    Change-Id: Ieb729e47b4cad3e52985e72065e6f8e8c8f338f7
    Signed-off-by: Piers Harding <piers@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/836358

Title:
  auth/saml does not always do sensible redirection after login

Status in Mahara ePortfolio:
  In Progress

Bug description:
  auth/saml does not check correctly that the 'wantsurl' value set for
  the redirection is sane, and does not cause redirection loops, or send
  the user outside of the site.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/836358/+subscriptions

References

[Bug 836358] [NEW] auth/saml does not always do sensible redirection after login
From: PiersHarding, 2011-08-29