Page Menu
Home
In-Portal Phabricator
Search
Configure Global Search
Log In
Files
F726994
D15.id.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Mon, Jan 6, 4:51 AM
Size
1 KB
Mime Type
text/x-diff
Expires
Tue, Jan 7, 4:51 AM (3 d, 3 h ago)
Engine
blob
Format
Raw Data
Handle
536656
Attached To
D15: INP-1386 - Don't violate Same-Origin Policy by doing redirect within AJAX request
D15.id.diff
View Options
Index: core/kernel/application.php
===================================================================
--- core/kernel/application.php
+++ core/kernel/application.php
@@ -1911,8 +1911,8 @@
return;
}
else {
- if ( $this->GetVar('ajax') == 'yes' && $t != $this->GetVar('t') ) {
- // redirection to other then current template during ajax request
+ if ( $this->GetVar('ajax') == 'yes' && ($t != $this->GetVar('t') || !$this->isSOPSafe($location, $t)) ) {
+ // redirection to other then current template during ajax request OR SOP violation
kUtil::safeDefine('DBG_SKIP_REPORTING', 1);
echo '#redirect#' . $location;
}
@@ -1944,6 +1944,34 @@
ob_end_flush();
exit;
+ }
+
+ /**
+ * Determines if real redirect should be made within AJAX request.
+ *
+ * @param string $url Location.
+ * @param string $template Template.
+ *
+ * @return boolean
+ * @link http://en.wikipedia.org/wiki/Same-origin_policy
+ */
+ protected function isSOPSafe($url, $template)
+ {
+ $parsed_url = parse_url($url);
+
+ if ( $parsed_url['scheme'] . '://' != PROTOCOL ) {
+ return false;
+ }
+
+ if ( $parsed_url['host'] != SERVER_NAME ) {
+ return false;
+ }
+
+ if ( defined('PORT') && isset($parsed_url['port']) && $parsed_url['port'] != PORT ) {
+ return false;
+ }
+
+ return true;
}
/**
Event Timeline
Log In to Comment