[SECURITY-684] Fix Open redirect vulnerability
recampbell committed Apr 12, 2018
1 parent d8d673f commit bf3a0ba
Showing 1 changed file with 2 additions and 2 deletions.
@@ -159,9 +159,9 @@ protected String getPostLogOutUrl(StaplerRequest req, Authentication auth) {
*/
public HttpResponse doCommenceLogin(@QueryParameter String from, @Header("Referer") final String referer) throws IOException {
final String redirectOnFinish;
if (from != null) {
if (from != null && ! Util.isAbsoluteUri(from) && ! from.startsWith("//")) {
redirectOnFinish = from;
} else if (referer != null) {
} else if (referer != null && ! Util.isAbsoluteUri(referer) && ! referer.startsWith("//")) {
redirectOnFinish = referer;
} else {
redirectOnFinish = Jenkins.getInstance().getRootUrl();
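Review bot: The new guard on `from` and `referer` in `doCommenceLogin` is a denylist (not absolute, not starting with `//`) written out twice, and nothing visible here shows it rejecting values a browser normalises into a protocol-relative URL, such as ones containing a backslash or leading whitespace; whether `Util.isAbsoluteUri` covers those cannot be seen from the hunk. I would move the test into one helper that states what is allowed, e.g. `private static boolean isLocalRedirect(String url) { return url != null && url.startsWith("/") && !url.startsWith("//") && url.indexOf('\\') < 0; }`, and call it in both branches, provided callers always pass `from` as a rooted path (an assumption to confirm). Note also that browsers normally send an absolute `Referer`, so the second branch will probably now fall through to `getRootUrl()` in most cases; if returning to the referring page is still wanted, compare the referer against the instance root URL rather than rejecting every absolute value. The method body continues outside the hunk.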