[PHPBB3-15964] Redirection not followed when using OAuth

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Minor
Resolution: Unresolved
Affects Version/s: 3.2.5
Fix Version/s: None
Component/s: Authentication, Login, User Control Panel (UCP)
Labels:
- oauth
Environment:
PHP 7.2

Description

When a user logs in, or authenticates using the built in Oauth system of phpBB, the redirection URL is not followed nor included following the login process. A user could be in the middle of something and they will always be redirected to the forum main page.

Fixing this could be as easy as including the redirection to the Oauth provider when returning back to phpBB. This may add the vulnerability if the Oauth provider is not trusted and for some reason rewrites the redirection, but that seems unlikely.

Attachments

Issue Links

is duplicated by

PHPBB3-16104 oAuth not working when using direct link to viewtopic.php

Closed

Activity

People

Assignee:: Unassigned

Reporter:: AJ Quick [X] (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Feb/19 1:59 AM

Updated:: 27/Oct/19 1:16 AM