From 5a9a551425afeadc19b7039dc8a6c152d0d36c23 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 21 Jan 2025 20:43:24 +0100
Subject: [PATCH] login/www: prioritize index page and prevent redirection to a /api page on login, closes https://github.com/opnsense/core/pull/8222
---
 .../mvc/app/models/OPNsense/Core/ACL.php | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php b/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php
index d3b11db3a..bda3809f4 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php
@@ -360,18 +360,16 @@ class ACL
 // ACL lock, may only access password page
 return "system_usermanager_passwordmg.php";
 } elseif (!empty($this->userDatabase[$username]['landing_page'])) {
- $page = $this->userDatabase[$username]['landing_page'];
- if (strpos($page, '/') === 0) {
- // remove leading slash, which would result in redirection to //page (without host) after login or auth failure.
- return substr($page, 1);
- } else {
- return $page;
- }
+ // remove leading slash, which would result in redirection to //page (without host) after login or auth failure.
+ $page = ltrim($this->userDatabase[$username]['landing_page'], '/');
 } elseif (!empty($this->userDatabase[$username])) {
- // default behaviour, find first accessible location from configured privileges
+ // default behaviour, find first accessible location from configured privileges, but prefer /
+ if ($this->isPageAccessible($username, '/')) {
+ return "index.php";
+ }
 foreach ($this->urlMasks($username) as $pattern) {
- if ($pattern == "*") {
- return "index.php";
+ if (str_starts_with('api', $pattern) || $pattern == "*") {
+ continue;
 } elseif (!empty($pattern)) {
 /* remove wildcard and optional trailing slashes or query symbols */
 return preg_replace('@[/&?]?\*$@', '', $pattern);
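Review bot: The arguments to `str_starts_with('api', $pattern)` in the `foreach` are reversed. PHP's signature is `str_starts_with($haystack, $needle)`, so the call tests whether the literal `api` begins with the mask; it is true only for an empty mask, `a`, `ap` or `api`. A longer mask beginning with `api` is therefore not skipped and can still be returned as the post-login location, which is the redirection this commit sets out to prevent. The condition should read `if (str_starts_with($pattern, 'api') || $pattern === '*') {`. Separately, the `landing_page` branch used to return directly and now only assigns `$page`; the function continues past the end of the hunk, so confirm that `$page` is returned there unchanged.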