
[login] fix url redirection (#6325)

* prevent open redirection attack
agree 3 lat temu
rodzic
commit
f5d48cc097
2 zmienionych plików z 15 dodań i 1 usunięć
  1. 11 1
      resources/check_auth.php
  2. 4 0
      resources/login.php

+ 11 - 1
resources/check_auth.php

@@ -297,7 +297,17 @@
 
 		//if logged in, redirect to login destination
 			if (!isset($_REQUEST["key"])) {
-				if (isset($_SESSION['login']['destination']['url'])) {
+				if (isset($_SESSION['redirect_path'])) {
+					$redirect_path = $_SESSION['redirect_path'];
+					unset($_SESSION['redirect_path']);
+					// prevent open redirect attacks. redirect url shouldn't contain a hostname
+					$parsed_url = parse_url($redirect_path);
+					if ($parsed_url['host']) {
+						die("Was someone trying to hack you?");
+					}
+					header("Location: ".$redirect_path);
+				}
+				elseif (isset($_SESSION['login']['destination']['url'])) {
 					header("Location: ".$_SESSION['login']['destination']['url']);
 				} elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) {
 					header("Location: ".PROJECT_PATH."/core/dashboard/");
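Review bot: The guard at `if ($parsed_url['host'])` is both too narrow to close the open redirect and noisy in the normal case: parse_url() omits the `host` index for a plain path, so every legitimate redirect raises an undefined-index notice, and parse_url() returns `false` for some malformed input, which this check does not treat as a rejection. A value without a host can still carry a scheme, so the safer rule is to accept only a path that starts with a single `/` and has neither scheme nor authority, and to reject the `//…` and `/\…` forms that browsers resolve as scheme-relative. The `header("Location: ...")` on the new line is not followed by an exit, so execution continues past it as it did on the old branch; that is pre-existing behaviour, but it is worth noting that only the die() path actually stops. The enclosing function continues outside the hunk.
```php
					$parsed_url = parse_url($redirect_path);
					// accept only a path on this host: no scheme, no authority, one leading slash
					// (the `//…` and `/\…` forms are resolved by browsers as scheme-relative URLs)
					if ($parsed_url === false
						|| isset($parsed_url['scheme'])
						|| isset($parsed_url['host'])
						|| !preg_match('#^/(?![/\\\\])#', $redirect_path)) {
						die("Was someone trying to hack you?");
					}
					header("Location: ".$redirect_path);
```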

+ 4 - 0
resources/login.php

@@ -254,6 +254,10 @@
 		$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/dashboard/";
 	}
 
+	if (strlen($_REQUEST['path']) > 0) {
+		$_SESSION['redirect_path'] = $_REQUEST['path'];
+	}
+
 //add the header
 	$document['title'] = $text['title-login'];
 	include "resources/header.php";
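Review bot: `strlen($_REQUEST['path'])` runs on every render of the login page, including the common case where no `path` parameter was sent, so it emits an undefined-index notice, and a `path[]=` array value makes strlen() throw a TypeError under PHP 8. Guard the read before using it: `if (isset($_REQUEST['path']) && is_string($_REQUEST['path']) && strlen($_REQUEST['path']) > 0) {`. Since this is the point where the value enters the session, it would also be reasonable to reject anything that is not a relative path here, rather than relying solely on the later check in check_auth.php.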