Merge remote-tracking branch 'origin/master' into PEGASUS-935-investigate-reported-sso-open-redirect-vulnerabili

yoshdog · yoshdog · commit 98357075da66 · 2020-07-02T13:32:31.000+10:00
diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php b/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php
@@ -135,6 +135,7 @@ public function authenticateAction()
         if(!Mage::getStoreConfig('zendesk/sso/enabled')) {
             Mage::getSingleton('adminhtml/session')->addError(Mage::helper('zendesk')->__('Single sign-on disabled.'));
             $this->_redirect(Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl());
+            return $this;
         }
 
         $domain = Mage::getStoreConfig('zendesk/general/domain');
@@ -144,11 +145,13 @@ public function authenticateAction()
         if(!Zend_Validate::is($domain, 'NotEmpty')) {
             Mage::getSingleton('adminhtml/session')->addError(Mage::helper('zendesk')->__('Zendesk domain not set. Please add this to the settings page.'));
             $this->_redirect(Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl());
+            return $this;
         }
 
         if(!Zend_Validate::is($token, 'NotEmpty')) {
             Mage::getSingleton('adminhtml/session')->addError(Mage::helper('zendesk')->__('Zendesk SSO token not set. Please add this to the settings page.'));
             $this->_redirect(Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl());
+            return $this;
         }
 
         $now = time();

Original file line number	Diff line number	Diff line change
`@@ -135,6 +135,7 @@ public function authenticateAction()`
`135`	`135`	`if(!Mage::getStoreConfig('zendesk/sso/enabled')) {`
`136`	`136`	`Mage::getSingleton('adminhtml/session')->addError(Mage::helper('zendesk')->__('Single sign-on disabled.'));`
`137`	`137`	`$this->_redirect(Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl());`
	`138`	`+ return $this;`
`138`	`139`	`}`
`139`	`140`
`140`	`141`	`$domain = Mage::getStoreConfig('zendesk/general/domain');`
`@@ -144,11 +145,13 @@ public function authenticateAction()`
`144`	`145`	`if(!Zend_Validate::is($domain, 'NotEmpty')) {`
`145`	`146`	`Mage::getSingleton('adminhtml/session')->addError(Mage::helper('zendesk')->__('Zendesk domain not set. Please add this to the settings page.'));`
`146`	`147`	`$this->_redirect(Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl());`
	`148`	`+ return $this;`
`147`	`149`	`}`
`148`	`150`
`149`	`151`	`if(!Zend_Validate::is($token, 'NotEmpty')) {`
`150`	`152`	`Mage::getSingleton('adminhtml/session')->addError(Mage::helper('zendesk')->__('Zendesk SSO token not set. Please add this to the settings page.'));`
`151`	`153`	`$this->_redirect(Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl());`
	`154`	`+ return $this;`
`152`	`155`	`}`
`153`	`156`
`154`	`157`	`$now = time();`