fixed possible open redirect bypass on signin page
albogdano committed Aug 1, 2021
1 parent 677ab76 commit 1c5f4aa
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/main/java/com/erudika/scoold/utils/HttpUtils.java
@@ -311,7 +311,7 @@ public static String getBackToUrl(HttpServletRequest req) {
}
if ((StringUtils.startsWithIgnoreCase(backtoFromCookie, "http://") ||
StringUtils.startsWithIgnoreCase(backtoFromCookie, "https://")) &&
!StringUtils.startsWithIgnoreCase(backtoFromCookie, ScooldServer.getServerURL())) {
!StringUtils.startsWithIgnoreCase(backtoFromCookie, ScooldServer.getServerURL() + "/")) {
backtoFromCookie = "";
}
return (StringUtils.isBlank(backtoFromCookie) ? HOMEPAGE : backtoFromCookie);
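Review bot: appending "/" to the allowed prefix is the right minimal fix, because with a bare ScooldServer.getServerURL() prefix any absolute URL whose host merely begins with the server's host passed startsWithIgnoreCase and was used as a redirect target; but the new check assumes getServerURL() has no trailing slash, otherwise the comparison becomes "…//" and every legitimate same-origin backto URL is blanked, so confirm that value is normalized. Two follow-ups worth a unit test: a cookie value exactly equal to getServerURL() with no path now falls back to HOMEPAGE (probably acceptable, but it is a behaviour change), and a string-prefix comparison is still fragile, so consider parsing backtoFromCookie with java.net.URI and comparing scheme, host and port against the server URL instead.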