fix(session destroy): ensure valid redirect path

PlaceOS · Sep 29, 2021 · 76ca6f6 · 76ca6f6
1 parent 3463787
commit 76ca6f6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
@@ -155,7 +155,7 @@ def destroy
       # do we want to redirect externally?
       path = params.permit(:continue)[:continue] || '/'
 
-      if path.start_with?(".") || path.include?("//")
+      if !path.start_with?("/") || path.include?("//")
           authority = current_authority
           uri = Addressable::URI.parse(path)