Ensure hostname is terminated
collectiveaccess committed Nov 22, 2021
1 parent 3e429d2 commit a45392d6ce55a4482515d1d3271476c699c2ed90
Showing with 1 addition and 1 deletion.
  1. +1 −1 app/controllers/system/AuthController.php
@@ -219,7 +219,7 @@ private function _getRedirectUrl() {
$redirect_url = $this->request->getParameter('redirect', pString, null, ['forcePurify' => true]) ?: caNavUrl($this->request, null, null, null);

$redirect_url = preg_replace("![^A-Za-z0-9/:\?\._\*\+\-]+.*!", '', $redirect_url);
if(!preg_match('!^'.preg_quote($host, '!').'!', $redirect_url)) {
if(!preg_match('!^'.preg_quote("{$host}/", '!').'!', $redirect_url)) {
$redirect_url = null;
}
return $redirect_url;
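Review bot: The prefix test on the added line is only as strong as `$host`, which is assigned outside this hunk; if it can ever be empty, the pattern reduces to `^/`, and the character filter just above keeps `/` and `:`, so a scheme-relative value beginning with `//` would still pass. Guard the empty case explicitly, e.g. `if(!strlen((string)$host) || !preg_match('!^'.preg_quote("{$host}/", '!').'!', $redirect_url)) {`. If `$host` is derived from the request's Host header rather than from configuration (not visible here), the comparison should use the configured site host instead. A one-line comment such as `// require "<host>/" so a longer hostname that merely shares the prefix cannot match` would record why the trailing slash matters. `_getRedirectUrl()` begins and ends outside the hunk.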
