authorGreg Roach <greg@subaqua.co.uk>2021-09-29 08:41:15 +0100
committerGreg Roach <greg@subaqua.co.uk>2021-09-29 08:59:30 +0100
commit551ad4afbcef2a72a6cf6461f1747762180b12c5 (patch)
tree026d0fa08aa4d7947e4a8aa5442573ce48c7a1e2 /app/Http/RequestHandlers/AddChildToFamilyAction.php
parente3ca0f87ab6e0eb7a88247dc2eefbb0b38263391 (diff)
Fix: unvalidated redirect
Diffstat (limited to 'app/Http/RequestHandlers/AddChildToFamilyAction.php')
-rw-r--r--app/Http/RequestHandlers/AddChildToFamilyAction.php7
1 files changed, 4 insertions, 3 deletions
diff --git a/app/Http/RequestHandlers/AddChildToFamilyAction.php b/app/Http/RequestHandlers/AddChildToFamilyAction.php
index e86c72a5ec..564a004532 100644
--- a/app/Http/RequestHandlers/AddChildToFamilyAction.php
+++ b/app/Http/RequestHandlers/AddChildToFamilyAction.php
@@ -20,8 +20,6 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
use Fisharebest\Webtrees\Auth;
-use Fisharebest\Webtrees\Date;
-use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Registry;
use Fisharebest\Webtrees\Services\GedcomEditService;
use Fisharebest\Webtrees\Tree;
@@ -79,6 +77,9 @@ class AddChildToFamilyAction implements RequestHandlerInterface
// Link the child to the family
$family->createFact('1 CHIL @' . $child->xref() . '@', false);
- return redirect($params['url'] ?? $child->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $child->url();
+
+ return redirect($url);
}
}
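Review bot: The new `$url =` line drops the `??` fallback the old redirect had, so a request without a `url` parameter now passes null to `str_starts_with()`, which under this file's `declare(strict_types=1)` raises a TypeError instead of falling back to `$child->url()`. The prefix test is also looser than a same-origin check: unless `base_url` is guaranteed to end in `/`, a URL on a different host whose text merely begins with the base URL string would still be accepted. I would restore the default and anchor the comparison on a path boundary, e.g. `$target = $params['url'] ?? '';` followed by `$url = str_starts_with($target, rtrim($base_url, '/') . '/') ? $target : $child->url();`. The handler's body starts above the hunk, so how `$params` is populated and whether the `base_url` attribute can be null are not visible here and should be confirmed.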