diff options
| -rwxr-xr-x | auth.cgi | 2 | ||||
| -rw-r--r-- | template/en/default/global/user-error.html.tmpl | 5 |
2 files changed, 7 insertions, 0 deletions
@@ -43,6 +43,8 @@ ThrowUserError("auth_delegation_invalid_description") unless $description =~ /^[\w\s]{3,255}$/; my $callback_uri = URI->new($callback); +$callback_uri->scheme =~ /^https?$/ + or ThrowUserError('auth_delegation_illegal_protocol', { protocol => $callback_uri->scheme }); my $callback_base = $callback_uri->clone; $callback_base->query(undef); diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index bf7455ad9..9cd1cc02f 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -134,6 +134,11 @@ This site does not have auth delegation enabled. Please contact an administrator if you require this functionality. + [% ELSIF error == "auth_delegation_illegal_protocol" %] + [% title = "Invalid Protocol" %] + The callback URI uses an illegal protocol: <em>[% protocol FILTER html %]</em>. + Only <em>http</em> and <em>https</em> are allowed. + [% ELSIF error == "auth_delegation_missing_callback" %] [% title = "Auth delegation impossible without callback URI" %] It looks like auth delegation was attempted, but no callback URI was passed. |