lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-13 00:07:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

login/www: prioritize index page and prevent redirection to a /api page on login, closes https://github.com/opnsense/core/pull/8222

Browse Source
This commit is contained in:
Ad Schellevis 2025-01-21 20:43:24 +01:00
parent ed7a90194c
commit 5a9a551425
1 changed files with 8 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/opnsense/mvc/app/models/OPNsense/Core/ACL.php
View File

@ -360,18 +360,16 @@ class ACL
// ACL lock, may only access password page
return "system_usermanager_passwordmg.php";
} elseif (!empty($this->userDatabase[$username]['landing_page'])) {
$page = $this->userDatabase[$username]['landing_page'];
if (strpos($page, '/') === 0) {
// remove leading slash, which would result in redirection to //page (without host) after login or auth failure.
return substr($page, 1);
} else {
return $page;
}
// remove leading slash, which would result in redirection to //page (without host) after login or auth failure.
$page = ltrim($this->userDatabase[$username]['landing_page'], '/');
} elseif (!empty($this->userDatabase[$username])) {
// default behaviour, find first accessible location from configured privileges
// default behaviour, find first accessible location from configured privileges, but prefer /
if ($this->isPageAccessible($username, '/')) {
return "index.php";
}
foreach ($this->urlMasks($username) as $pattern) {
if ($pattern == "*") {
return "index.php";
if (str_starts_with('api', $pattern) || $pattern == "*") {
continue;
} elseif (!empty($pattern)) {
/* remove wildcard and optional trailing slashes or query symbols */
return preg_replace('@[/&?]?\*$@', '', $pattern);