Critical: WebAccess Module Vulnerability Fixed
I’m posting this on behalf of the module developer, Jason Heffner. -Andrew
There is a critical security hole in the webaccess module written by Jason Heffner.
You should go immediately and download the latest version at:
http://ets.tlt.psu.edu/wiki/Drupal_auth
Details:
The WebAccess module does not validate the redirect_url parameter. After a user logs in through WebAccess, the module redirects to whatever URL the request supplied, so a crafted login link can send the user to a different site. This could be used for phishing with faked PSU web sites.
If you have a custom version of this module, the code to update is below. Otherwise, simply replace the module.
Replace:
// Vulnerable version: redirect_url is used as-is, so any absolute URL is accepted.
function webaccess_redirect() {
  global $user;
  $uri = $_GET['redirect_url'];
  if ($uri == "") {
    $uri = base_path();
  }
  webaccess_do_logon();
  Header('Location: '.$uri);
  exit;
}
With this:
// Fixed version: the target is sanitised with check_url() and must start with
// this site's $base_url; anything else falls back to base_path().
function webaccess_redirect() {
  global $user;
  global $base_url;
  $uri = check_url($_GET['redirect_url']);
  $check_uri = preg_quote($base_url, '/');
  if (($uri == "") || (!preg_match("/^".$check_uri."/", $uri))) {
    $uri = base_path();
  }
  webaccess_do_logon();
  Header('Location: '.$uri);
  exit;
}
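As an added example (not the module's own code), a stricter variant of the check above: it parses the requested URL and compares its scheme, host and port against $base_url instead of testing a string prefix, so site-relative paths stay allowed while any other host falls back to the site root. The function name safe_redirect_target and the sample values are assumptions for illustration; inside the module the fallback would be base_path().

```php
<?php
// Added example, not the module's code: a stricter redirect_url check that
// compares the parsed scheme, host and port of the requested URL against the
// site's $base_url rather than matching a string prefix. Unsafe targets fall
// back to $fallback (in the module this would be base_path()).
function safe_redirect_target($requested, $base_url, $fallback = '/') {
    $requested = trim((string) $requested);
    if ($requested === '') {
        return $fallback;
    }
    // Control characters (including CR/LF) and backslashes never belong in a
    // Location value; reject them outright.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $requested)) {
        return $fallback;
    }
    $base   = parse_url($base_url);
    $target = parse_url($requested);
    if ($target === false || !isset($base['scheme']) || !isset($base['host'])) {
        return $fallback;
    }
    // No scheme and no host: a site-relative path such as /user/1 is fine.
    // parse_url() reports a host for "//host/...", so that case is not relative.
    if (!isset($target['scheme']) && !isset($target['host'])) {
        return ($requested[0] === '/') ? $requested : $fallback;
    }
    // Absolute URL: scheme, host and port must all match the configured base.
    $same_scheme = isset($target['scheme']) && strcasecmp($target['scheme'], $base['scheme']) === 0;
    $same_host   = isset($target['host']) && strcasecmp($target['host'], $base['host']) === 0;
    $target_port = isset($target['port']) ? $target['port'] : null;
    $base_port   = isset($base['port']) ? $base['port'] : null;
    return ($same_scheme && $same_host && $target_port === $base_port) ? $requested : $fallback;
}

// Constructed sample inputs; $base_url is an assumed value of Drupal's global.
$base_url = 'https://www.example.edu';
$samples = array('', '/user/1', 'https://www.example.edu/node/5',
                 'https://www.example.edu.evil.test/', '//evil.test/', 'https://evil.test/');
foreach ($samples as $r) {
    printf("%-40s -> %s\n", var_export($r, true), safe_redirect_target($r, $base_url, '/'));
}
```

Only the first three samples are returned unchanged; the rest resolve to the fallback path.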
Please forward this to any colleagues you know who are currently using this module.
Thanks,
Jason