Fix for user reported CVE path-based open redirect

getgrav · Mar 18, 2020 · 2eae104 · 2eae104 · Sicks3c · Jun 16, 2020
1 parent 6f2be2a
commit 2eae104
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
     * Moved `Parsedown` 1.6 and `ParsedownExtra` 0.7 into `Grav\Framework\Parsedown` to allow fixes
 1. [](#bugfix)
     * Fixed PHP 7.4 issue in ParsedownExtra [#2832](https://github.com/getgrav/grav/issues/2832)
+    * Fix for [user reported](https://twitter.com/OriginalSicksec) CVE path-based open redirect
 
 # v1.6.22
 ## 03/05/2020

diff --git a/system/src/Grav/Common/Grav.php b/system/src/Grav/Common/Grav.php
@@ -316,7 +316,10 @@ public function redirect($route, $code = null)
         /** @var Uri $uri */
         $uri = $this['uri'];
 
-        //Check for code in route
+        // Clean route for redirect
+        $route = preg_replace("#^\/[\\\/]+\/#", '/', $route);
+
+         // Check for code in route
         $regex = '/.*(\[(30[1-7])\])$/';
         preg_match($regex, $route, $matches);
         if ($matches) {