From 6016948ea535e51b16535888af13df064a1a15d3 Mon Sep 17 00:00:00 2001
From: tany
Date: Wed, 11 Apr 2018 17:16:18 +0900
Subject: [PATCH] [fix] sns/login: close open redirect (#2061)
---
 app/controllers/concerns/sns/login_filter.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/concerns/sns/login_filter.rb b/app/controllers/concerns/sns/login_filter.rb
index 16529482fce..3db18985633 100644
--- a/app/controllers/concerns/sns/login_filter.rb
+++ b/app/controllers/concerns/sns/login_filter.rb
@@ -22,7 +22,7 @@ def default_logged_in_path
 def login_success
 if params[:ref].blank?
 redirect_to default_logged_in_path
- elsif params[:ref] =~ /^\//
+ elsif params[:ref] =~ /^\/[^\/]/
 redirect_to params[:ref]
 else
 render "sns/login/redirect"
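Review bot: The new pattern on the `elsif` line is anchored with `^`, which in Ruby matches at the start of any line rather than the start of the string, so a multi-line `ref` value is accepted as soon as one of its lines looks like a local path. The class `[^\/]` also still admits a backslash after the leading slash, and some browsers treat a backslash in that position like a forward slash. Anchoring with `\A` and excluding both characters closes both gaps: `elsif params[:ref] =~ %r{\A/[^/\\]}`. The body of `login_success` continues past the end of the hunk, so what the `else` branch renders is not visible here.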