Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix redirect on unsupported browser warning #38194

Merged
merged 1 commit into from
May 11, 2023
Merged

Fix redirect on unsupported browser warning #38194

merged 1 commit into from
May 11, 2023

Conversation

skjnldsv
Copy link
Member

Prevent the usage of unwanted redirects like
https://nextcloud27.local/index.php/unsupported?redirect_url=aHR0cHM6Ly9naXRodWIuY29tL25leHRjbG91ZC9zZXJ2ZXIv

if it doesn't starts by a leading slash, it will ignore the redirect_url param and redirects to the cloud home

@skjnldsv skjnldsv requested review from nickvergessen, a team, susnux, nfebe and Pytal and removed request for a team May 11, 2023 06:58
@skjnldsv skjnldsv self-assigned this May 11, 2023
@skjnldsv skjnldsv added bug 3. to review Waiting for reviews security labels May 11, 2023
@skjnldsv skjnldsv added this to the Nextcloud 27 milestone May 11, 2023
@nickvergessen nickvergessen changed the title fix: prevent malicious url in unsupported browser redirect Fix redirect on unsupported browser warning May 11, 2023
@skjnldsv skjnldsv merged commit e176848 into master May 11, 2023
@skjnldsv skjnldsv deleted the fix/unsupported-redirect branch May 11, 2023 08:15
@skjnldsv
Copy link
Member Author

/backport to stable26

@skjnldsv
Copy link
Member Author

/backport to stable25

@backportbot-nextcloud
Copy link

The backport to stable26 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable26
git pull origin/stable26

# Create the new backport branch
git checkout -b fix/foo-stable26

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123

# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable26

More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport

@backportbot-nextcloud

This comment was marked as off-topic.

Sign in to view
@skjnldsv
Copy link
Member Author

No idea why stable26 failed.
25 doesn't have this file though, so it's unecessary.

@skjnldsv skjnldsv mentioned this pull request May 11, 2023
Merged
@skjnldsv
Copy link
Member Author

#38208

@blizzz blizzz mentioned this pull request May 12, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndyScherzinger AndyScherzinger AndyScherzinger approved these changes

@nickvergessen nickvergessen nickvergessen approved these changes

@susnux susnux Awaiting requested review from susnux susnux was automatically assigned from nextcloud/server-frontend

@nfebe nfebe Awaiting requested review from nfebe nfebe was automatically assigned from nextcloud/server-frontend

@Pytal Pytal Awaiting requested review from Pytal Pytal was automatically assigned from nextcloud/server-frontend

Assignees

@skjnldsv skjnldsv

Labels
3. to review Waiting for reviews bug
Projects
None yet
Milestone
Nextcloud 27
Development

Successfully merging this pull request may close these issues.
3 participants
@skjnldsv @nickvergessen @AndyScherzinger