From bad7a9f4cbb23dd4abb54c963fef23589acc2d60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?=
Date: Fri, 10 Jun 2016 16:40:11 +0000
Subject: [PATCH] [SECURITY] Don't redirect to external sites after login (AuthManager version)

The returnto URL parameter accepts interwiki prefixes, even non-local ones. I953f99b446 has a partial fix; this applies it to AuthManager.

Bug: T109140
Change-Id: I7e02a9f587863630724c8ff9d61610ecd0717b3c
---
 includes/specials/helpers/LoginHelper.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/includes/specials/helpers/LoginHelper.php b/includes/specials/helpers/LoginHelper.php
index f853f41..2196bd9 100644
--- a/includes/specials/helpers/LoginHelper.php
+++ b/includes/specials/helpers/LoginHelper.php
@@ -75,7 +75,12 @@ class LoginHelper extends ContextSource {
 // Allow modification of redirect behavior
 Hooks::run( 'PostLoginRedirect', [ &$returnTo, &$returnToQuery, &$type ] );
- $returnToTitle = Title::newFromText( $returnTo ) ?: Title::newMainPage();
+ $returnToTitle = Title::newFromText( $returnTo );
+ // T109140: Don't redirect to external sites since MediaWiki will
+ // never generate a URL like that
+ if ( !$returnToTitle || $returnToTitle->isExternal() ) {
+ $returnToTitle = Title::newMainPage();
+ }
 if ( $wgSecureLogin && !$stickHTTPS ) {
 $options = [ 'http' ];
-- 
1.9.1
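Review bot: The new `isExternal()` guard comes with no test pinning the fallback, so a later refactor of this branch could quietly reintroduce the open redirect; a unit test asserting that an interwiki-prefixed returnto (a constructed value such as `wikipedia:Main_Page`) resolves to the main page, and that a plain local title still round-trips, would cover it. The comment could also state the scope more precisely, since `isExternal()` appears to reject any interwiki-prefixed title, local prefixes included, which is broader than the commit message's "non-local" wording: `// T109140: Refuse any interwiki-prefixed returnto (local or not); MediaWiki never generates such a URL, so treat it as an open-redirect attempt and fall back to the main page`. The `PostLoginRedirect` hook runs before this check, so hook handlers that rewrite `$returnTo` cannot bypass it, which is the right ordering and worth a short comment so nobody moves the hook call below the guard. The enclosing method continues outside the hunk.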