Restrict redirect

collectiveaccess · Nov 21, 2021 · 3e429d2 · 3e429d2
1 parent 655fd24
commit 3e429d2
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/app/controllers/system/AuthController.php b/app/controllers/system/AuthController.php
@@ -218,6 +218,7 @@ private function _getRedirectUrl() {
 		$host = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'];
 		$redirect_url = $this->request->getParameter('redirect', pString, null, ['forcePurify' => true]) ?: caNavUrl($this->request, null, null, null);
 
+		$redirect_url = preg_replace("![^A-Za-z0-9/:\?\._\*\+\-]+.*!", '', $redirect_url);
 		if(!preg_match('!^'.preg_quote($host, '!').'!', $redirect_url)) {
 			$redirect_url = null;
 		}