

Add back-link sanitization on logout page
darh committed Mar 1, 2022
1 parent 86e2ef3 commit 8c0a622
Showing 3 changed files with 18 additions and 8 deletions.
8 changes: 4 additions & 4 deletions auth/handlers/handle_logout.go
Expand Up @@ -22,10 +22,10 @@ func (h *AuthHandlers) logoutProc(req *request.AuthReq) (err error) {

req.Template = TmplLogout

if req.Request.FormValue("back") != "" {
req.Data["link"] = req.Request.FormValue("back")
} else {
req.Data["link"] = GetLinks().Login
req.Data["link"] = GetLinks().Login

if bl := req.Request.FormValue("back"); bl != "" {
req.Data["link"] = sanitizeLink(bl)
}

return
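Review bot: The new `req.Data["link"] = sanitizeLink(bl)` still accepts any absolute URL, because invalidLinkChars in links.go is a character allowlist that keeps `:`, `/` and `.`, so a `back` value pointing at another origin or using a non-http scheme reaches the template unchanged and the logout page can act as an open redirect. Character stripping defends the HTML context, but the value is a navigation target and also needs a structural check: parse it and refuse anything carrying a scheme or host, e.g. guard the assignment with `if u, err := url.Parse(bl); err == nil && u.Scheme == "" && u.Host == "" { req.Data["link"] = sanitizeLink(bl) }` (or move that check into sanitizeLink so every caller gets it). The test in auth/handlers/handle_logout_test.go currently asserts only that characters are removed; a case asserting that an absolute URL falls back to `GetLinks().Login` would pin the intended behaviour. logoutProc's body continues past the end of this hunk, so I cannot see whether the link is validated later.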
4 changes: 2 additions & 2 deletions auth/handlers/handle_logout_test.go
Expand Up @@ -35,14 +35,14 @@ func Test_logoutProc(t *testing.T) {
authReq = prepareClientAuthReq(authHandlers, req, user)

req.PostForm = url.Values{}
req.PostForm.Add("back", "/back")
req.PostForm.Add("back", "\"><script>alert(origin)</script><\"")
authReq.Session.Values = map[interface{}]interface{}{"key": url.Values{"key": []string{"value"}}}

err := authHandlers.logoutProc(authReq)
rq.NoError(err)
rq.Empty(authReq.Session.Values)
rq.Empty(authReq.AuthUser)
rq.Empty(authReq.Client)
rq.Equal("/back", authReq.Data["link"])
rq.Equal("scriptalert(origin)/script", authReq.Data["link"])
rq.Equal(TmplLogout, authReq.Template)
}
14 changes: 12 additions & 2 deletions auth/handlers/links.go
@@ -1,6 +1,9 @@
package handlers

import "strings"
import (
"regexp"
"strings"
)

type (
Links struct {
Expand Down Expand Up @@ -47,7 +50,10 @@ type (
}
)

var BasePath string = "/"
var (
invalidLinkChars = regexp.MustCompile(`[^-A-Za-z0-9+&@#/%?=~_|!:,.;\\(\\)]`)
BasePath string = "/"
)

func GetLinks() Links {
var b = strings.TrimSuffix(BasePath, "/") + "/"
Expand Down Expand Up @@ -101,3 +107,7 @@ func tbp(s string) string {

return s
}

func sanitizeLink(l string) string {
return invalidLinkChars.ReplaceAllString(l, "")
}
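Review bot: The pattern on the invalidLinkChars line is a raw string, so `\\(\\)` reaches the regexp engine as two escaped backslashes plus `(` and `)`, which means a literal backslash is also admitted by the allowlist; if only the parentheses were meant, the class needs no escaping at all: `invalidLinkChars = regexp.MustCompile(`[^-A-Za-z0-9+&@#/%?=~_|!:,.;()]`)`. Letting backslashes through matters because some URL consumers treat them like forward slashes, so the set of characters this function removes should be the set the author actually decided on. sanitizeLink is also undocumented; a comment stating its limits would keep callers from treating it as full validation: `// sanitizeLink removes every character outside a fixed URL-safe allowlist. It does not validate the link's scheme, host or path.`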
