From b2b1e27fe679df7781f8707f0e816e6f24fd6e94 Mon Sep 17 00:00:00 2001
From: Alexander
Date: Tue, 12 Nov 2019 00:37:44 +0200
Subject: [PATCH 1/2] fixed checker for strpos
---
 app/code/Magento/Store/App/Response/Redirect.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/code/Magento/Store/App/Response/Redirect.php b/app/code/Magento/Store/App/Response/Redirect.php
index 178395ff6eb6a..f05516cd4fb31 100644
--- a/app/code/Magento/Store/App/Response/Redirect.php
+++ b/app/code/Magento/Store/App/Response/Redirect.php
@@ -217,7 +217,8 @@ protected function _isUrlInternal($url)
 $directLinkType = \Magento\Framework\UrlInterface::URL_TYPE_DIRECT_LINK;
 $unsecureBaseUrl = $this->_storeManager->getStore()->getBaseUrl($directLinkType, false);
 $secureBaseUrl = $this->_storeManager->getStore()->getBaseUrl($directLinkType, true);
- return (strpos($url, (string) $unsecureBaseUrl) === 0) || (strpos($url, (string) $secureBaseUrl) === 0);
+ return (strpos($url, (string) $unsecureBaseUrl) === false) ||
+ (strpos($url, (string) $secureBaseUrl) === false);
 }
 return false;
 }
From a4a0b748dcf63220a74299232f5c4b8bb3ef9b7d Mon Sep 17 00:00:00 2001
From: Alexander
Date: Wed, 27 Nov 2019 01:01:25 +0200
Subject: [PATCH 2/2] changed logic referel url if url is internal
---
 app/code/Magento/Store/App/Response/Redirect.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/app/code/Magento/Store/App/Response/Redirect.php b/app/code/Magento/Store/App/Response/Redirect.php
index f05516cd4fb31..f3004e04559ea 100644
--- a/app/code/Magento/Store/App/Response/Redirect.php
+++ b/app/code/Magento/Store/App/Response/Redirect.php
@@ -108,7 +108,7 @@ protected function _getUrl()
 }
 }
- if (!$this->_isUrlInternal($refererUrl)) {
+ if ($this->_isUrlInternal($refererUrl)) {
 $refererUrl = $this->_storeManager->getStore()->getBaseUrl();
 } else {
 $refererUrl = $this->normalizeRefererUrl($refererUrl);
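Review bot: The new return expression in `_isUrlInternal()` (patch 1/2) no longer tests for a base-URL prefix: `strpos(...) === false` on each side joined with `||` is true whenever the URL lacks either base URL, so a URL on a foreign host is reported as internal. The previous `=== 0` comparison was already the correct prefix test, and it also covers the not-found case because `false === 0` is not true. Patch 2/2 restores that line, so this commit is better dropped from the series or squashed, so that no intermediate revision carries the inverted check. Only the tail of the function is visible in this hunk.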
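Review bot: Dropping the `!` in `_getUrl()` (patch 2/2, first hunk) reverses the safety check: a referer that `_isUrlInternal()` accepts is now replaced by the store base URL, while one it rejects is passed to `normalizeRefererUrl()` and kept as the redirect target. If `$refererUrl` is derived from request data above this hunk, as the name suggests, this permits redirects to arbitrary external hosts (an open redirect) and also breaks return-to-previous-page for legitimate internal referers. The condition should remain `if (!$this->_isUrlInternal($refererUrl)) {`, and a unit test with one internal and one external referer would pin the behaviour. The function body begins above and continues below the hunk.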
@@ -217,8 +217,7 @@ protected function _isUrlInternal($url)
 $directLinkType = \Magento\Framework\UrlInterface::URL_TYPE_DIRECT_LINK;
 $unsecureBaseUrl = $this->_storeManager->getStore()->getBaseUrl($directLinkType, false);
 $secureBaseUrl = $this->_storeManager->getStore()->getBaseUrl($directLinkType, true);
- return (strpos($url, (string) $unsecureBaseUrl) === false) ||
- (strpos($url, (string) $secureBaseUrl) === false);
+ return (strpos($url, (string) $unsecureBaseUrl) === 0) || (strpos($url, (string) $secureBaseUrl) === 0);
 }
 return false;
 }
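Review bot: A raw string prefix is a weak test for "internal" in the restored `return` line: if a configured base URL lacked its trailing slash, a different host that merely begins with the same characters would pass, and an empty base URL cast to `''` makes `strpos($url, '') === 0` true for every URL on PHP 8. Consider rejecting an empty base URL before the comparison, or comparing the scheme and host obtained from `parse_url()` instead of the string prefix. Whether either case can occur depends on what `getBaseUrl()` returns, which is not visible here. The hunk shows only the end of `_isUrlInternal()`.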