yii2-enhanced-gii icon indicating copy to clipboard operation
yii2-enhanced-gii copied to clipboard

Published 20 hours ago verified publisher icon mootensai

Open redirect in crud/default/views/_form.php

Open id3s3c opened this issue 3 years ago • 2 comments

I was poking at one of my companies internal website and saw that changing the Referer: header redirected me to the location of the URL in it. After talking to the dev we fixed changing the line 103 from:

<?= "<?= " ?>Html::a(Yii::t('app', 'Cancel'), Yii::$app->request->referrer , ['class'=> 'btn btn-danger']) ?>

to

<?= "<?= " ?>Html::a(Yii::t('app', 'Cancel'), parse_url(Yii::$app->request->referrer, PHP_URL_PATH), ['class'=> 'btn btn-danger']) ?>

Cheers.

id3s3c avatar Mar 23 '21 21:03 id3s3c

Ye, I have this problem Thanks for show how to fix

victormatuk avatar Mar 23 '21 21:03 victormatuk

please make PR for this

mootensai avatar Mar 26 '21 16:03 mootensai