  1. Reference Application
  2. RA-487

Don't redirect users to relative paths of URLs outside the context path

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Must
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: OpenMRS 2.2
    • Component/s: None
    • Labels: None
    • Complexity: Low

      Description

      The login logic stores the request header for the referer and attempts to redirect the user back to its relative path upon successful login. Apparently it will fail if the relative path doesn't exist in the web application, or it might send the user to the wrong page in case it happens to exist by any chance.

      This can be reproduced on demo.openmrs.org by first going to openmrs.org and clicking one of the links on it that takes you to the demo server.

      Dev Notes:

      See LoginPageController in openmrs-module-referenceapplication
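
One way to apply the check named in the issue title, as an added example that is not the project's code or its actual fix: accept the Referer as a post-login target only when it points at this server and sits under the application's context path. The class and method names, the `/openmrs` context path, port 80 and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RefererRedirectCheck {

    // Returns the path (plus query) to send the user to after login, or null when
    // the Referer lies outside this web application and the caller should use its
    // default landing page instead.
    static String safeRedirect(String referer, String appHost, int appPort, String contextPath) {
        if (referer == null || referer.isEmpty()) return null;
        URI uri;
        try {
            uri = new URI(referer).normalize(); // collapses "/openmrs/../x" to "/x"
        } catch (URISyntaxException e) {
            return null;
        }
        String scheme = uri.getScheme();
        boolean https = "https".equalsIgnoreCase(scheme);
        if (!https && !"http".equalsIgnoreCase(scheme)) return null;
        // Referer set by another site: its relative path means nothing here.
        if (uri.getHost() == null || !uri.getHost().equalsIgnoreCase(appHost)) return null;
        int port = uri.getPort() != -1 ? uri.getPort() : (https ? 443 : 80);
        if (port != appPort) return null;
        // Same server, but the path must still sit under this application's context path.
        String path = uri.getRawPath();
        if (path == null || !(path.equals(contextPath) || path.startsWith(contextPath + "/"))) return null;
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    public static void main(String[] args) {
        String[] constructedReferers = {
            "http://openmrs.org/demo/",                          // other site
            "http://demo.openmrs.org/openmrs/some/page?id=1",    // inside the context path
            "http://demo.openmrs.org/otherapp/page",             // same host, other context
            "http://demo.openmrs.org/openmrs/../otherapp/page",  // escapes via ".."
        };
        for (String r : constructedReferers) {
            // "/openmrs" as context path and port 80 are assumptions for this example.
            System.out.println(r + " -> " + safeRedirect(r, "demo.openmrs.org", 80, "/openmrs"));
        }
    }
}
```

Only the second constructed Referer yields a redirect target; the other three return null, which a login controller would treat as "go to the default home page".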


            People

            • Assignee: wyclif Wyclif Luyima
            • Reporter: janflowers Jan Flowers