From 3e429d284f76461ab8bf27bc2af763731b7d7d0e Mon Sep 17 00:00:00 2001
From: CollectiveAccess
Date: Sat, 20 Nov 2021 19:07:12 -0500
Subject: [PATCH] Restrict redirect
---
 app/controllers/system/AuthController.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/controllers/system/AuthController.php b/app/controllers/system/AuthController.php
index 10486ae2f5..034d9fed9b 100644
--- a/app/controllers/system/AuthController.php
+++ b/app/controllers/system/AuthController.php
@@ -218,6 +218,7 @@
 private function _getRedirectUrl() {
 $host = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'];
 $redirect_url = $this->request->getParameter('redirect', pString, null, ['forcePurify' => true]) ?: caNavUrl($this->request, null, null, null);
+ $redirect_url = preg_replace("![^A-Za-z0-9/:\?\._\*\+\-]+.*!", '', $redirect_url);
 if(!preg_match('!^'.preg_quote($host, '!').'!', $redirect_url)) {
 $redirect_url = null;
 }
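Review bot: The open redirect is not closed by the added character filter, because the `preg_match` on the following line is a bare prefix test and `.`, `-` and `:` survive the filter, so `https://<host>.attacker.example/...` still passes both checks; the host match needs a terminator, e.g. `if(!preg_match('!^'.preg_quote($host, '!').'(?:[/?]|$)!', $redirect_url)) {` (a `parse_url()` host comparison would be more robust still). The new `preg_replace` also truncates at the first character outside the class, and `=`, `&`, `%` and `#` are not in it, so a legitimate `redirect` carrying a query string such as `?module=x&action=y` is silently cut to `?module`; if that is unintended, extend the class or reject rather than truncate. `$_SERVER['HTTP_HOST']` and `REQUEST_SCHEME` come from the request, so behind a proxy or default vhost the allowlist anchor itself may be attacker-influenced; comparing against the configured site URL would remove that dependency. The closing `}` here ends the `if`; `_getRedirectUrl()` continues past the hunk.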