From c884448aa22c438979216b30460ce381bd07c5c8 Mon Sep 17 00:00:00 2001
From: Mika Wahlroos
Date: Tue, 11 Mar 2014 15:07:04 +0200
Subject: [PATCH] [#1419] Check that redirection target is local
---
 ckan/controllers/util.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ckan/controllers/util.py b/ckan/controllers/util.py
index bb6a40f2dd1..95d21b7c64d 100644
--- a/ckan/controllers/util.py
+++ b/ckan/controllers/util.py
@@ -2,6 +2,7 @@
 import ckan.lib.base as base
 import ckan.lib.i18n as i18n
+import ckan.lib.helpers as h
 class UtilController(base.BaseController):
@@ -10,7 +11,11 @@ class UtilController(base.BaseController):
 def redirect(self):
 ''' redirect to the url parameter. '''
 url = base.request.params.get('url')
- return base.redirect(url)
+
+ if h.url_is_local(url):
+ return base.redirect(url)
+ else:
+ return h.redirect_to(controller='home', action='index')
 def primer(self):
 ''' Render all html components out onto a single page.
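Review bot: The guard added in `redirect` depends entirely on `h.url_is_local`, whose implementation is outside this diff, and `url` is `None` whenever the request has no `url` parameter, so the helper is called with `None` on that path. Making the condition explicit, `if url and h.url_is_local(url):`, keeps the fallback to the home page independent of how the helper treats empty input. The change would also benefit from tests that pin the behaviour for an absolute URL on another host and for a scheme-relative `//host/path` value, since those are the inputs this check exists to reject. The docstring still says only "redirect to the url parameter"; something like `''' Redirect to the url parameter if it is local, otherwise to the home page. '''` would match the new behaviour. The `UtilController` class continues outside the hunk.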