SECURITY, fixing a possible phishing exploit.

symbiote · Feb 16, 2017 · b065ebd · b065ebd
1 parent 573d695
commit b065ebd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/code/extensions/SecurityLoginExtension.php b/code/extensions/SecurityLoginExtension.php
@@ -7,7 +7,7 @@ public function onBeforeSecurityLogin() {
 		// Determine whether a user has already authenticated, and whether a back URL exists.
 
 		$URL = $this->owner->getRequest()->getVar('BackURL');
-		if(Member::currentUserID() && $URL) {
+		if(Member::currentUserID() && $URL && Director::is_site_url($URL)) {
 
 			// Take the user to the back URL.