From a45392d6ce55a4482515d1d3271476c699c2ed90 Mon Sep 17 00:00:00 2001 From: CollectiveAccess Date: Sun, 21 Nov 2021 22:40:41 -0500 Subject: [PATCH] Ensure hostname is terminated --- app/controllers/system/AuthController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/system/AuthController.php b/app/controllers/system/AuthController.php index 034d9fed9b..fc4d97929b 100644 --- a/app/controllers/system/AuthController.php +++ b/app/controllers/system/AuthController.php @@ -219,7 +219,7 @@ private function _getRedirectUrl() { $redirect_url = $this->request->getParameter('redirect', pString, null, ['forcePurify' => true]) ?: caNavUrl($this->request, null, null, null); $redirect_url = preg_replace("![^A-Za-z0-9/:\?\._\*\+\-]+.*!", '', $redirect_url); - if(!preg_match('!^'.preg_quote($host, '!').'!', $redirect_url)) { + if(!preg_match('!^'.preg_quote("{$host}/", '!').'!', $redirect_url)) { $redirect_url = null; } return $redirect_url;
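Review bot: The anchored check in `_getRedirectUrl()` depends on `$host`, which is not assigned in any line this hunk shows. If it is unset or empty in this scope, the pattern reduces to `^/`, and because the preceding `preg_replace` keeps `/` and `:`, a protocol-relative value pointing at another host would still be accepted. I would make the test fail closed and drop the regex: `if(empty($host) || strpos($redirect_url, "{$host}/") !== 0) { $redirect_url = null; }`. It is also worth confirming that the `caNavUrl()` fallback returns a value beginning with `$host/`; its form is not visible here, and if it is a bare path the default redirect is now nulled as well. The rest of the function lies outside the hunk, so `$host` may be set there; a short comment stating what it holds (scheme plus host, or a path prefix) would make the check reviewable.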