From 9bfe56f12741c1b7383392bb3a4deadfab40f91c Mon Sep 17 00:00:00 2001 From: Ilia Ross Date: Tue, 3 Jun 2025 21:49:20 +0300 Subject: [PATCH] Fix to support cross theme calls for forgotten form --- pam_login.cgi | 7 +++++++ session_login.cgi | 17 ++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/pam_login.cgi b/pam_login.cgi index ddcbef00b..ce2e17a82 100755 --- a/pam_login.cgi +++ b/pam_login.cgi @@ -18,6 +18,13 @@ if ($gconfig{'forgot_pass'} && $ENV{'REQUEST_URI'}) { } } +# Redirect to forgot form if return param is set from SPA theme +if ($gconfig{'forgot_pass'} && $ENV{'REQUEST_URI'} && + $ENV{'REQUEST_URI'} =~ /[?&]return=(http?\S+)/) { + &redirect("@{[&get_webprefix()]}/forgot_form.cgi"); + return; + } + # Login banner if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ && !$in{'logout'} && $in{'initial'}) { diff --git a/session_login.cgi b/session_login.cgi index 94bbf7ab0..6ca0f245a 100755 --- a/session_login.cgi +++ b/session_login.cgi @@ -19,6 +19,13 @@ if ($gconfig{'forgot_pass'} && $ENV{'REQUEST_URI'}) { } } +# Redirect to forgot form if return param is set from SPA theme +if ($gconfig{'forgot_pass'} && $ENV{'REQUEST_URI'} && + $ENV{'REQUEST_URI'} =~ /[?&]return=(http?\S+)/) { + &redirect("@{[&get_webprefix()]}/forgot_form.cgi"); + return; + } + # If accessed via HTTPS, make this an SSL-only cookie &get_miniserv_config(\%miniserv); $sec = uc($ENV{'HTTPS'}) eq 'ON' ? "; secure" : ""; @@ -128,7 +135,15 @@ print &ui_form_end(); if ($gconfig{'forgot_pass'}) { # Show forgotten password link my $link = &get_webmin_base_url(); - print &ui_form_start("${link}forgot_form.cgi", "post"); + my $param = ''; + if ($link) { + my $src_link = ($ENV{'HTTPS'} eq 'ON' + ? 'https' + : 'http').'://'.$ENV{'HTTP_HOST'}; + $src_link .= ($gconfig{'webprefix'} || '')."/"; + $param = "?return=".&urlize($src_link); + } + print &ui_form_start($link."forgot_form.cgi".$param, "post"); print &ui_hidden("failed", $in{'failed'}); print &ui_form_end([ [ undef, $text{'session_forgot'} ] ]); }