fixed possible open redirect in QuestionsController

Erudika · Dec 30, 2021 · 6b9543a · 6b9543a
1 parent ee59dd9
commit 6b9543a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/main/java/com/erudika/scoold/controllers/QuestionsController.java b/src/main/java/com/erudika/scoold/controllers/QuestionsController.java
@@ -273,11 +273,11 @@ public String setSpace(@PathVariable(required = false) String space,
 			}
 		}
 		utils.storeSpaceIdInCookie(space, req, res);
-		String backTo = req.getParameter("returnto");
+		String backTo = HttpUtils.getBackToUrl(req);
 		if (StringUtils.isBlank(backTo)) {
 			return get(req.getParameter("sortby"), req, model);
 		} else {
-			return "redirect:" + (StringUtils.isBlank(backTo) ? QUESTIONSLINK : backTo);
+			return "redirect:" + backTo;
 		}
 	}