Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-15964

Redirection not followed when using OAuth

    Details

      Description

      When a user logs in, or authenticates using the built in Oauth system of phpBB, the redirection URL is not followed nor included following the login process. A user could be in the middle of something and they will always be redirected to the forum main page.

      Fixing this could be as easy as including the redirection to the Oauth provider when returning back to phpBB. This may add the vulnerability if the Oauth provider is not trusted and for some reason rewrites the redirection, but that seems unlikely.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                Ectoman AJ Quick [X] (Inactive)
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: