diff --git a/CHANGELOG b/CHANGELOG
index 5175ccf90..bb774bd1f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -219,6 +219,7 @@ expired
 - much better form validation based on jquery validation
 - secure unlocking/locking of a documents with form token to prevent CSRF attacks
+- append referuri to base url to prevent redirects to arbitraty sites in op.Login.php
 --------------------------------------------------------------------------------
 Changes in version 5.1.22
diff --git a/SeedDMS_Core/Core/inc.ClassAttribute.php b/SeedDMS_Core/Core/inc.ClassAttribute.php
index 2a7220cf9..a4825d35f 100644
--- a/SeedDMS_Core/Core/inc.ClassAttribute.php
+++ b/SeedDMS_Core/Core/inc.ClassAttribute.php
@@ -1238,7 +1238,8 @@ class SeedDMS_Core_AttributeDefinition { /* {{{ */
 break;
 case self::type_email:
 foreach($values as $value) {
- $success &= preg_match('/^[a-z0-9._-]+@+[a-z0-9._-]+\.+[a-z]{2,4}$/i', $value);
+ $success &= filter_var($value, FILTER_VALIDATE_EMAIL);
+ //preg_match('/^[a-z0-9._-]+@+[a-z0-9._-]+\.+[a-z]{2,63}$/i', $value);
 }
 if(!$success)
 $this->_validation_error = 5;
diff --git a/SeedDMS_Core/package.xml b/SeedDMS_Core/package.xml
index c3fd7df6b..3157100f0 100644
--- a/SeedDMS_Core/package.xml
+++ b/SeedDMS_Core/package.xml
@@ -1905,6 +1905,7 @@ add method SeedDMS_Core_DatabaseAccess::setLogFp()
 - add methods SeedDMS_Core_DocumentContent::getReviewers() and SeedDMS_Core_DocumentContent::getApprovers()
 - add methods SeedDMS_Core_DocumentContent::getApproveLog() and SeedDMS_Core_DocumentContent::getReviewLog()
 - better handling of document with an empty workflow state
+- fix checking of email addresses by using filter_var instead of regex
diff --git a/op/op.Login.php b/op/op.Login.php
index 1cd9ebce6..d6d1dde6a 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
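Review bot: The new `$success &= filter_var($value, FILTER_VALIDATE_EMAIL);` does not behave like the `preg_match` it replaces: `filter_var` returns the validated address string on success (and `false` on failure), so the bitwise `&=` now ANDs `$success` with a non-numeric string, which PHP 7 coerces to 0 with a warning and PHP 8 rejects with a TypeError, whereas `preg_match` returned 0/1 and the AND was harmless. On PHP 7 that means a valid address is typically rejected with error 5, the opposite of the intent. Reduce the right-hand side to a boolean again: `$success &= filter_var($value, FILTER_VALIDATE_EMAIL) !== false;`. The commented-out `//preg_match(...)` line is dead code and should be dropped rather than kept beside its replacement. `$success` is initialised, and the enclosing method and its switch begin and end, outside this hunk, so I am assuming it starts as true/1 as the old `&=` usage implies.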
@@ -97,8 +97,7 @@ if(!$controller->run()) {
 $user = $controller->getUser();
 if (isset($referuri) && strlen($referuri)>0) {
-// header("Location: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'] . $referuri);
- header("Location: " . $referuri);
+ header("Location: " . getBaseUrl() . "/" . $referuri);
 } else {
 header("Location: ".$settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".($user->getHomeFolder() ? $user->getHomeFolder() : $settings->_rootFolderID)));
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 99ed5f33d..66ad6f4a4 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -1417,6 +1417,9 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 * @param array $config contains elements
 * id: id of modal box (must match target of getModalBoxLink())
 * title: title of modal box
+ content: content to be shown in the body of the box. Can be left
+ empty if the body is loaded from the remote link passed to the button
+ to open this box.
 * buttons: array of buttons, each having a title and an optional id
 * @return string
 */
diff --git a/views/bootstrap4/class.Bootstrap4.php b/views/bootstrap4/class.Bootstrap4.php
index 457d018d9..adb5f0072 100644
--- a/views/bootstrap4/class.Bootstrap4.php
+++ b/views/bootstrap4/class.Bootstrap4.php
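Review bot: Prefixing `getBaseUrl()` does pin the redirect to the site's own origin, but the guarantee is only as strong as where `getBaseUrl()` takes its host from: if it is built from `$_SERVER['HTTP_HOST']` (the approach of the removed commented-out line) rather than from configuration like the `$settings->_httpRoot` the `else` branch uses, a forged Host header reintroduces the off-site redirect the changelog says this closes — `getBaseUrl()` is defined outside this hunk, so please confirm which it is. Separately, `$referuri` is a request path that presumably already starts with `/`, so the `"/"` join produces `//` right after the host; `header("Location: " . getBaseUrl() . "/" . ltrim($referuri, '/'));` keeps the URL tidy and also removes any doubt about a `//host` prefix (which cannot escape the origin here because scheme and host are already fixed, but is still worth normalising). The surrounding `if(!$controller->run())` structure and whatever follows the `header()` calls (an `exit` is expected after a redirect) lie outside this hunk.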
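Review bot: As displayed, the three added docblock lines lack the leading ` * ` that every other line of this block carries (`+ content: …` next to ` * title: …`); if that is in the patch and not an artifact of how the diff was captured, they should read `* content: content to be shown in the body of the box. Can be left` and so on, so the docblock stays well-formed. The description should also state whether `content` is written into the modal verbatim as HTML or escaped, because that decides whether callers must pass user-supplied text through `htmlspecialchars()` first; something like `content: HTML fragment inserted verbatim into the body (escape untrusted text before passing it)` would do, assuming the implementation does not escape it. The method this docblock documents begins below the hunk, so I could not verify which it is.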
@@ -1340,6 +1340,9 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 * @param array $config contains elements
 * id: id of modal box (must match target of getModalBoxLink())
 * title: title of modal box
+ content: content to be shown in the body of the box. Can be left
+ empty if the body is loaded from the remote link passed to the button
+ to open this box.
 * buttons: array of buttons, each having a title and an optional id
 * @return string
 */
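Review bot: The three added lines appear without the ` * ` prefix the rest of this docblock uses (`+ content: …` beside ` * buttons: …`); unless that is a capture artifact, they should be `* content: content to be shown in the body of the box. Can be left` and so on so the comment block keeps its shape. It would also help callers to say whether `content` is emitted as raw HTML or escaped, e.g. `content: HTML fragment inserted verbatim into the body (escape untrusted text before passing it)`, since that determines who is responsible for escaping user-supplied text; the implementation that answers this starts below the hunk, so I am assuming no escaping is done.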