Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi,
I found that this module is simple and great.
But I have some problems with Moodle "bakery" plugin.
When I click login link on Moodle I have been redirected to Drupal login page with GET arg return_dest
, and after successful login I still placed on Drupal side.
There is no any redirects back to Moodle in this case, but if I go to the Moodle manually, I will be logged in.
Comment | File | Size | Author |
---|---|---|---|
#6 | bakery-moodle_integration-2535628-6.patch | 998 bytes | kala4ek |
#1 | bakery-moodle_integration-2535628-1.patch | 635 bytes | kala4ek |
Comments
Comment #1
kala4ekI've created simple patch, that fix it for me.
Please, review it, I think it'll help to smb else.
Comment #2
eugene.ilyin CreditAttribution: eugene.ilyin commentedThis patch works well for me! Thank you
Comment #3
drummThis looks like a security issue. At best, arbitrary redirection. Maybe arbitrary header injection if newlines can get through
urldecode()
.For Drupal.org we have similar functionality in custom code, http://cgit.drupalcode.org/drupalorg_crosssite/tree/drupalorg_crosssite..... This checks that the redirection is in a whitelist of expected domains.
Comment #4
kala4ekWill update patch soon
Comment #5
kala4ekUpdated patch, now redirect can be done only to one of slaves.
Comment #6
kala4ekWrong one, this is right patch.
Comment #7
kala4ek