Julian Lam
2016-10-25 16:52:03 -04:00
parent e515b791da
commit 0590a4f2cf
4 changed files with 8 additions and 20 deletions


@@ -196,15 +196,6 @@ authenticationController.registerAbort = function (req, res) {
};
authenticationController.login = function (req, res, next) {
// Handle returnTo data
if (req.body.hasOwnProperty('returnTo') && !req.session.returnTo) {
// As req.body is data obtained via userland, it is untrusted, restrict to internal links only
var parsed = url.parse(req.body.returnTo);
var isInternal = utils.isInternalURI(url.parse(req.body.returnTo), nconf.get('url_parsed'), nconf.get('relative_path'));
req.session.returnTo = isInternal ? req.body.returnTo : nconf.get('url');
}
if (plugins.hasListeners('action:auth.overrideLogin')) {
return continueLogin(req, res, next);
}