Ensure hostname is terminated

collectiveaccess · Nov 22, 2021 · a45392d · a45392d
1 parent 3e429d2
commit a45392d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/system/AuthController.php b/app/controllers/system/AuthController.php
@@ -219,7 +219,7 @@ private function _getRedirectUrl() {
 		$redirect_url = $this->request->getParameter('redirect', pString, null, ['forcePurify' => true]) ?: caNavUrl($this->request, null, null, null);
 
 		$redirect_url = preg_replace("![^A-Za-z0-9/:\?\._\*\+\-]+.*!", '', $redirect_url);
-		if(!preg_match('!^'.preg_quote($host, '!').'!', $redirect_url)) {
+		if(!preg_match('!^'.preg_quote("{$host}/", '!').'!', $redirect_url)) {
 			$redirect_url = null;
 		}
 		return $redirect_url;