Fixing possibility of open redirection attack on post-registration screens

Fixing the fix of #2295.
2025-10-15 19:54:57 +08:00 · 2015-10-27 22:31:26 +01:00
parent 8c7508546c
commit 393f5bc9d3
2 changed files with 6 additions and 2 deletions
--- a/src/Orchard.Web/Modules/Orchard.Users/Views/Account/ChallengeEmailSent.cshtml
+++ b/src/Orchard.Web/Modules/Orchard.Users/Views/Account/ChallengeEmailSent.cshtml
@@ -1,4 +1,6 @@
@model dynamic
 <h1>@Html.TitleForPage(T("Challenge Email Sent").ToString()) </h1>
 <p>@T("An email has been sent to you. Please click on the link it contains in order to have access on this site.") </p>
-<p>@Html.Link(T("Go back to where you were"), Url.Content(Request.QueryString["ReturnUrl"]))</p>
+@if (Url.IsLocalUrl(Request.QueryString["ReturnUrl"])) {
+    <p>@Html.Link(T("Go back to where you were"), Url.Content(Request.QueryString["ReturnUrl"]))</p>
+}
--- a/src/Orchard.Web/Modules/Orchard.Users/Views/Account/RegistrationPending.cshtml
+++ b/src/Orchard.Web/Modules/Orchard.Users/Views/Account/RegistrationPending.cshtml
@@ -1,4 +1,6 @@
@model dynamic
 <h1>@Html.TitleForPage(T("User Registration Pending").ToString()) </h1>
 <p>@T("Your user account has been created but has to be approved before it can be used.")</p>
-<p>@Html.Link(T("Go back to where you were"), Url.Content(Request.QueryString["ReturnUrl"]))</p>
+@if (Url.IsLocalUrl(Request.QueryString["ReturnUrl"])) {
+    <p>@Html.Link(T("Go back to where you were"), Url.Content(Request.QueryString["ReturnUrl"]))</p>    
+}