1berry/webmin
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix to support cross theme calls for forgotten form

Browse Source
This commit is contained in:
Ilia Ross 2025-06-03 21:49:20 +03:00
parent c3545cf836
commit 9bfe56f127
No known key found for this signature in database
GPG Key ID: 121E166DD9C821AB
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pam_login.cgi
View File

@ -18,6 +18,13 @@ if ($gconfig{'forgot_pass'} && $ENV{'REQUEST_URI'}) {
}
}
# Redirect to forgot form if return param is set from SPA theme
if ($gconfig{'forgot_pass'} && $ENV{'REQUEST_URI'} &&
$ENV{'REQUEST_URI'} =~ /[?&]return=(http?\S+)/) {
&redirect("@{[&get_webprefix()]}/forgot_form.cgi");
return;
}
# Login banner
if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
!$in{'logout'} && $in{'initial'}) {

17
session_login.cgi
View File

@ -19,6 +19,13 @@ if ($gconfig{'forgot_pass'} && $ENV{'REQUEST_URI'}) {
}
}
# Redirect to forgot form if return param is set from SPA theme
if ($gconfig{'forgot_pass'} && $ENV{'REQUEST_URI'} &&
$ENV{'REQUEST_URI'} =~ /[?&]return=(http?\S+)/) {
&redirect("@{[&get_webprefix()]}/forgot_form.cgi");
return;
}
# If accessed via HTTPS, make this an SSL-only cookie
&get_miniserv_config(\%miniserv);
$sec = uc($ENV{'HTTPS'}) eq 'ON' ? "; secure" : "";
@ -128,7 +135,15 @@ print &ui_form_end();
if ($gconfig{'forgot_pass'}) {
# Show forgotten password link
my $link = &get_webmin_base_url();
print &ui_form_start("${link}forgot_form.cgi", "post");
my $param = '';
if ($link) {
my $src_link = ($ENV{'HTTPS'} eq 'ON'
? 'https'
: 'http').'://'.$ENV{'HTTP_HOST'};
$src_link .= ($gconfig{'webprefix'} || '')."/";
$param = "?return=".&urlize($src_link);
}
print &ui_form_start($link."forgot_form.cgi".$param, "post");
print &ui_hidden("failed", $in{'failed'});
print &ui_form_end([ [ undef, $text{'session_forgot'} ] ]);
}