Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorAuthFinishController.php
| Show First 20 Lines • Show All 68 Lines • ▼ Show 20 Lines | public function processRequest() { | ||||
| // TODO: It might be nice to add options like "bind this session to my IP" | // TODO: It might be nice to add options like "bind this session to my IP" | ||||
| // here, even for accounts without multi-factor auth attached to them. | // here, even for accounts without multi-factor auth attached to them. | ||||
| $next = PhabricatorCookies::getNextURICookie($request); | $next = PhabricatorCookies::getNextURICookie($request); | ||||
| $request->clearCookie(PhabricatorCookies::COOKIE_NEXTURI); | $request->clearCookie(PhabricatorCookies::COOKIE_NEXTURI); | ||||
| $request->clearCookie(PhabricatorCookies::COOKIE_HISEC); | $request->clearCookie(PhabricatorCookies::COOKIE_HISEC); | ||||
| if (!PhabricatorEnv::isValidLocalWebResource($next)) { | if (!PhabricatorEnv::isValidLocalURIForLink($next)) { | ||||
| $next = '/'; | $next = '/'; | ||||
| } | } | ||||
| return id(new AphrontRedirectResponse())->setURI($next); | return id(new AphrontRedirectResponse())->setURI($next); | ||||
| } | } | ||||
| } | } | ||||