add redirect after log in to support deep links

Signed-off-by: jokob-sk <jokob.sk@gmail.com>
jokob-sk
2026-02-09 12:49:50 +11:00
parent 3d3abe7e53
commit 3036cd04fc
2 changed files with 24 additions and 10 deletions


@@ -7,6 +7,10 @@ require_once $_SERVER['DOCUMENT_ROOT'].'/php/server/db.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/language/lang.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/security.php';
// if (session_status() === PHP_SESSION_NONE) {
// session_start();
// }
session_start();
const COOKIE_NAME = 'NetAlertX_SaveLogin';
@@ -25,10 +29,13 @@ function validate_local_path(?string $encoded): string {
if (!$encoded) return DEFAULT_REDIRECT;
$decoded = base64_decode($encoded, true);
if ($decoded === false) return DEFAULT_REDIRECT;
if ($decoded === false) {
return DEFAULT_REDIRECT;
}
// strict local path check
if (!preg_match('#^/[a-zA-Z0-9_\-/\.]*$#', $decoded)) {
// strict local path check (allow safe query strings + fragments)
// Using ~ as the delimiter instead of #
if (!preg_match('~^(?!//)(?!.*://)/[a-zA-Z0-9_\-./?=&:%#]*$~', $decoded)) {
return DEFAULT_REDIRECT;
}
@@ -74,7 +81,9 @@ $redirectTo = validate_local_path($_GET['next'] ?? null);
===================================================== */
if ($nax_WebProtection !== 'true') {
login_user();
if (!is_authenticated()) {
login_user();
}
safe_redirect(append_hash($redirectTo));
}
@@ -190,7 +199,11 @@ if ($nax_Password === '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923
<!-- /.login-logo -->
<div class="login-box-body">
<p class="login-box-msg"><?= lang('Login_Box');?></p>
<form action="index.php<?php echo !empty($_GET['next']) ? '?next=' . htmlspecialchars($_GET['next']) : ''; ?>" method="post">
<form action="index.php<?php
echo !empty($_GET['next'])
? '?next=' . htmlspecialchars($_GET['next'], ENT_QUOTES, 'UTF-8')
: '';
?>" method="post">
<div class="form-group has-feedback">
<input type="hidden" name="url_hash" id="url_hash">
<input type="password" class="form-control" placeholder="<?= lang('Login_Psw-box');?>" name="loginpassword">
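Review bot: The widened pattern in the validate_local_path hunk still ends in `$` without the `D` modifier, so a decoded value with a single trailing newline (constructed example: `"/devices.php\n"`) passes the check and is returned to the caller. Anchoring the end with `\z` closes that: `~^(?!//)(?!.*://)/[a-zA-Z0-9_\-./?=&:%#]*\z~`. The class now also admits `#`, and the result is later passed through append_hash(), whose body is not shown here, so a path that already carries a fragment may end up with two; that is worth confirming. A short comment naming what each lookahead is meant to reject (`//host` and `scheme://`) would help the next reader. The function body starts and ends outside the hunk.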