
prevent unsafe redirect via logout controller

This commit is contained in:
Sajjad Hashemian
2017-03-04 13:24:15 +03:30
parent 747138402d
commit 7cd73f621e


@@ -11,7 +11,7 @@
namespace Flarum\Forum\Controller; namespace Flarum\Forum\Controller;
use Flarum\Core\User; use Flarum\Core\Access\AssertPermissionTrait;
use Flarum\Event\UserLoggedOut; use Flarum\Event\UserLoggedOut;
use Flarum\Foundation\Application; use Flarum\Foundation\Application;
use Flarum\Http\Controller\ControllerInterface; use Flarum\Http\Controller\ControllerInterface;
@@ -24,6 +24,8 @@ use Zend\Diactoros\Response\RedirectResponse;
class LogOutController implements ControllerInterface class LogOutController implements ControllerInterface
{ {
use AssertPermissionTrait;
/** /**
* @var Application * @var Application
*/ */
@@ -67,24 +69,24 @@ class LogOutController implements ControllerInterface
{ {
$session = $request->getAttribute('session'); $session = $request->getAttribute('session');
$url = array_get($request->getQueryParams(), 'return', $this->app->url());
$response = new RedirectResponse($url);
if ($user = User::find($session->get('user_id'))) {
if (array_get($request->getQueryParams(), 'token') !== $session->get('csrf_token')) { if (array_get($request->getQueryParams(), 'token') !== $session->get('csrf_token')) {
throw new TokenMismatchException; throw new TokenMismatchException;
} }
$actor = $request->getAttribute('actor');
$this->assertRegistered($actor);
$url = array_get($request->getQueryParams(), 'return', $this->app->url());
$response = new RedirectResponse($url);
$this->authenticator->logOut($session); $this->authenticator->logOut($session);
$user->accessTokens()->delete(); $actor->accessTokens()->delete();
$this->events->fire(new UserLoggedOut($user)); $this->events->fire(new UserLoggedOut($actor));
$response = $this->rememberer->forget($response); return $this->rememberer->forget($response);
}
return $response;
} }
} }
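Review bot: The redirect target on the new `$url = array_get($request->getQueryParams(), 'return', $this->app->url());` line is still passed verbatim to `new RedirectResponse($url)`, so moving it behind the token check and `assertRegistered` changes who can trigger the redirect, not where it may lead; an off-site `return` value is still followed for a valid request. A same-origin check before the response is built would close that gap, for example `if (parse_url($url, PHP_URL_HOST) !== parse_url($this->app->url(), PHP_URL_HOST)) { $url = $this->app->url(); }`, which also falls back to the forum URL when `parse_url` returns `false` on a malformed value (path-only `return` values, if they are expected, would need an explicit allowance since their host is `null`). The method this hunk belongs to begins above the hunk, so I cannot see whether the value is constrained earlier, but nothing in the visible lines validates it.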