check to avoid tricky redirects
friism committed Aug 14, 2012
1 parent 4a9d409 commit b6f157e
Showing 1 changed file with 9 additions and 3 deletions.
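--- a/AuthenticationExample.Web/Controllers/SessionController.cs
+++ b/AuthenticationExample.Web/Controllers/SessionController.cs
@@ -1,4 +1,5 @@
-using System.Linq;
+using System;
+using System.Linq;
 using System.Web.Mvc;
 using AppHarbor.Web.Security;
 using AuthenticationExample.Web.Model;
@@ -48,9 +49,14 @@ public ActionResult Create(SessionViewModel sessionViewModel)
 if (ModelState.IsValid)
 {
 _authenticator.SetCookie(user.Username);
-if (!string.IsNullOrEmpty(sessionViewModel.ReturnUrl))
+var returnUrl = sessionViewModel.ReturnUrl;
+if (!string.IsNullOrEmpty(returnUrl))
 {
-return Redirect(sessionViewModel.ReturnUrl);
+var returnUri = new Uri(returnUrl);
+if (!returnUri.IsAbsoluteUri || returnUri.Host == Request.Url.Host)
+{
+return Redirect(sessionViewModel.ReturnUrl);
+}
 }
 
 return RedirectToAction("Index", "Home");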
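Review bot: `new Uri(returnUrl)` in the new `Create` branch parses with `UriKind.Absolute`, so a relative ReturnUrl such as `/account` throws `UriFormatException` before the `!returnUri.IsAbsoluteUri` test is reached, and that test can never be true; the throw happens after `SetCookie`, so the user is signed in and then shown an error. User-supplied input should be parsed without throwing, e.g. `Uri returnUri; if (Uri.TryCreate(returnUrl, UriKind.RelativeOrAbsolute, out returnUri) && ...)`. If the project is on MVC 3 or later, `if (Url.IsLocalUrl(returnUrl)) { return Redirect(returnUrl); }` is the simpler guard and also rejects the `//host` and `/\host` forms that a relative-URI test can let through. The host comparison ignores scheme and port, and `Request.Url.Host` presumably follows the request's Host header, so it is worth confirming the front end pins that header. The body of `Create` starts and ends outside the hunk.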