Fix open redirect issue with partial URLs
Alanaktion committed Mar 12, 2022
1 parent 3cdfb4c commit c9c95fe
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/controller/index.php
@@ -50,7 +50,7 @@ public function login($f3)
if (!$f3->get("GET.to")) {
$f3->reroute("/");
} else {
if (strpos($f3->get("GET.to"), "://") === false) {
if (strpos($f3->get("GET.to"), "://") === false || substr($f3->get("GET.to"), 0, 2) == "//") {
$f3->reroute($f3->get("GET.to"));
} else {
$f3->reroute("/");
@@ -93,7 +93,7 @@ public function loginpost($f3)
if (!$f3->get("POST.to")) {
$f3->reroute("/");
} else {
if (strpos($f3->get("POST.to"), "://") === false) {
if (strpos($f3->get("POST.to"), "://") === false || substr($f3->get("POST.to"), 0, 2) == "//") {
$f3->reroute($f3->get("POST.to"));
} else {
$f3->reroute("/");
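Review bot: The condition on `GET.to` in `login()` (and the identical one on `POST.to` in `loginpost()`) still reroutes a protocol-relative target: a value starting with `//` contains no `://`, so the first clause is already true and the added `|| substr(...) == "//"` can only widen what is accepted. Assuming the longer line is the new side (the page has lost its +/- markers), the check should reject that prefix instead, e.g. `if (strpos($to, "://") === false && substr($to, 0, 2) !== "//") {` with `$to = $f3->get("GET.to");` read once into a local. An allowlist would be sturdier than excluding substrings: require exactly one leading `/` and refuse `/` or `\` as the second character. Both function bodies continue outside the visible hunks, so it is worth confirming that no later code reroutes on the same unvalidated value.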
