
Commit 258a476

committed
fix: redirect al login
1 parent f75374c commit 258a476

2 files changed

Lines changed: 17 additions & 2 deletions


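--- a/core.php
+++ b/core.php
@@ -185,9 +185,9 @@
 
 // Memorizza l'URL corrente per il redirect post-login
 if (!Auth::check() && !API\Response::isAPIRequest()) {
-$current_url = $_SERVER['REQUEST_URI'];
+$current_url = $_SERVER['REQUEST_URI'] ?? '';
 // Evita di memorizzare URL di logout o login per prevenire loop
-if (strpos($current_url, 'op=logout') === false && strpos($current_url, 'op=login') === false) {
+if (!empty($current_url) && strpos($current_url, 'op=logout') === false && strpos($current_url, 'op=login') === false) {
 Auth::setIntended($current_url);
 }
 }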
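Review bot: The loop guard on new line 190 still matches `op=logout` and `op=login` as raw substrings of `REQUEST_URI`, so it tests the undecoded request line rather than the `op` parameter the application actually reads. A percent-encoded value is not recognised and gets stored as the post-login target, while an unrelated parameter whose value merely contains that text is dropped. Parsing first is more reliable: `parse_str((string) parse_url($current_url, PHP_URL_QUERY), $q);` followed by `in_array($q['op'] ?? '', ['login', 'logout'], true)`. Whether `Auth::setIntended()` validates the value again is not visible in this hunk, so this check should not be treated as the only filter.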

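--- a/src/Auth.php
+++ b/src/Auth.php
@@ -1089,6 +1089,21 @@ private function isValidInternalUrl($url)
 
 // L'URL deve iniziare con il base_path del sistema o essere relativo
 if (strpos($url, $base_path) === 0 || strpos($url, '/') === 0) {
+// Verifica che non sia un URL di actions.php senza parametri necessari
+$parsed_url = parse_url($url);
+$path = $parsed_url['path'] ?? '';
+
+// Esclude actions.php se chiamato direttamente senza id_module
+if (strpos($path, 'actions.php') !== false) {
+$query = $parsed_url['query'] ?? '';
+parse_str($query, $params);
+
+// actions.php richiede id_module per funzionare correttamente
+if (empty($params['id_module'])) {
+return false;
+}
+}
+
 return true;
 }
 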
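Review bot: The validator fails open when `parse_url($url)` returns `false` on new line 1093: `$parsed_url['path'] ?? ''` then yields an empty path, the `actions.php` branch is skipped and the function returns `true` for a URL PHP could not parse. A redirect-target check should reject that case explicitly, e.g. `if ($parsed_url === false) { return false; }` right after the call. The `strpos($path, 'actions.php') !== false` test is also a substring match, so `basename($path) === 'actions.php'` would state the intent more precisely. The context condition accepts any value starting with `/`; unless the part of `isValidInternalUrl()` above this hunk already rejects it, that includes the `//host/...` form, which `parse_url` reports with a `host` component, so this is worth confirming.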
