);
}
+ # TODO: maybe move this logic to generic_redirect()?
my $redirect_to = $cgi->param('redirect_to') || $acct;
+ if (my $login_redirect_gf = $self->editor->retrieve_config_global_flag('opac.login_redirect_domains')) {
+ if ($login_redirect_gf->enabled eq 't') {
+
+ my @redir_hosts = ();
+ if ($login_redirect_gf->value) {
+ @redir_hosts = map { '(?:[^/.]+\.)*' . quotemeta($_) } grep { $_ } split(/,\s*/, $login_redirect_gf->value);
+ }
+ unshift @redir_hosts, quotemeta($ctx->{hostname});
+
+ my $hn = join('|', @redir_hosts);
+ my $relative_redir = qr#^(?:(?:(?:(?:f|ht)tps?:)?(?://(?:$hn))(?:/|$))|/$|/[^/]+)#;
+
+ if ($redirect_to !~ $relative_redir) {
+ $logger->warn(
+ "Login redirection of [$redirect_to] ".
+ "disallowed based on Global Flag opac.".
+ "login_redirect_domains RE [$relative_redir]"
+ );
+ $redirect_to = $acct; # fall back to myopac/main
+ }
+ }
+ }
return
$self->_perform_any_sso_required($response, $redirect_to, $cookie_list)
'Limit the number of global concurrent matching search queries',
'cgf', 'label'
)
-);
-
-INSERT INTO config.global_flag (name, value, enabled, label)
-VALUES (
+), (
'opac.max_concurrent_search.ip',
'0',
TRUE,
'Limit the number of global concurrent searches per client IP address',
'cgf', 'label'
)
+), (
+ 'opac.login_redirect_domains',
+ '',
+ TRUE,
+ oils_i18n_gettext(
+ 'opac.login_redirect_domains',
+ 'Restrict post-login redirection to local URLs, or those that match the supplied comma-separated list of foreign domains or host names.',
+ 'cgf', 'label'
+ )
);
--- /dev/null
+BEGIN;
+
+-- check whether patch can be applied
+SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+
+-- 950.data.seed-values.sql
+
+INSERT INTO config.global_flag (name, value, enabled, label)
+VALUES (
+ 'opac.login_redirect_domains',
+ '',
+ TRUE,
+ oils_i18n_gettext(
+ 'opac.login_redirect_domains',
+ 'Restrict post-login redirection to local URLs, or those that match the supplied comma-separated list of foreign domains or host names.',
+ 'cgf', 'label'
+ )
+);
+
+COMMIT;
+