From 6b9543ac9c005adcf43cb56cf076fcdd026a6b87 Mon Sep 17 00:00:00 2001
From: Alex Bogdanovski
Date: Thu, 30 Dec 2021 14:02:28 +0200
Subject: [PATCH] fixed possible open redirect in QuestionsController
---
 .../com/erudika/scoold/controllers/QuestionsController.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/erudika/scoold/controllers/QuestionsController.java b/src/main/java/com/erudika/scoold/controllers/QuestionsController.java
index fdcf42a0..b4a5e781 100755
--- a/src/main/java/com/erudika/scoold/controllers/QuestionsController.java
+++ b/src/main/java/com/erudika/scoold/controllers/QuestionsController.java
@@ -273,11 +273,11 @@ public String setSpace(@PathVariable(required = false) String space,
 }
 }
 utils.storeSpaceIdInCookie(space, req, res);
- String backTo = req.getParameter("returnto");
+ String backTo = HttpUtils.getBackToUrl(req);
 if (StringUtils.isBlank(backTo)) {
 return get(req.getParameter("sortby"), req, model);
 } else {
- return "redirect:" + backTo;
+ return "redirect:" + backTo;
 }
 }
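Review bot: The sink `return "redirect:" + backTo;` still concatenates the value with no check visible in this hunk, so the fix rests entirely on `HttpUtils.getBackToUrl(req)`, whose body is not shown here. That helper should be confirmed to return blank for anything that is not a same-site target (absolute URLs, scheme-relative `//host` forms, backslash variants) and to still honour the `returnto` parameter this endpoint read before. A comment at the call site would record the dependency, e.g. `// backTo is restricted to same-site targets by HttpUtils.getBackToUrl(); do not read "returnto" directly here`. A regression test that posts an off-site `returnto` to `setSpace` and asserts the response falls back to the questions view would keep the guarantee from eroding; `setSpace` begins outside the hunk, so earlier uses of request parameters in it were not reviewed.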