| author | Greg Roach <greg@subaqua.co.uk> | 2021-09-29 08:41:15 +0100 |
|---|---|---|
| committer | Greg Roach <greg@subaqua.co.uk> | 2021-09-29 08:59:30 +0100 |
| commit | 551ad4afbcef2a72a6cf6461f1747762180b12c5 (patch) | |
| tree | 026d0fa08aa4d7947e4a8aa5442573ce48c7a1e2 /app/Http/RequestHandlers/AddChildToFamilyAction.php | |
| parent | e3ca0f87ab6e0eb7a88247dc2eefbb0b38263391 (diff) | |
Fix: unvalidated redirect
Diffstat (limited to 'app/Http/RequestHandlers/AddChildToFamilyAction.php')
| -rw-r--r-- | app/Http/RequestHandlers/AddChildToFamilyAction.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/app/Http/RequestHandlers/AddChildToFamilyAction.php b/app/Http/RequestHandlers/AddChildToFamilyAction.php
index e86c72a5ec..564a004532 100644
--- a/app/Http/RequestHandlers/AddChildToFamilyAction.php
+++ b/app/Http/RequestHandlers/AddChildToFamilyAction.php
@@ -20,8 +20,6 @@ declare(strict_types=1);
 namespace Fisharebest\Webtrees\Http\RequestHandlers;
 use Fisharebest\Webtrees\Auth;
-use Fisharebest\Webtrees\Date;
-use Fisharebest\Webtrees\Individual;
 use Fisharebest\Webtrees\Registry;
 use Fisharebest\Webtrees\Services\GedcomEditService;
 use Fisharebest\Webtrees\Tree;
@@ -79,6 +77,9 @@ class AddChildToFamilyAction implements RequestHandlerInterface
 // Link the child to the family
 $family->createFact('1 CHIL @' . $child->xref() . '@', false);
- return redirect($params['url'] ?? $child->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $child->url();
+
+ return redirect($url);
 }
 }
|
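Review bot: The new check in the last hunk reads `$params['url']` without the `??` fallback that the removed line had, so a request with no `url` field passes null to `str_starts_with()`, and with `strict_types=1` declared in this file that raises a TypeError instead of redirecting to the child. The prefix comparison is also only as strict as `base_url` is: if that attribute has no trailing slash (not visible here), a URL on a different host whose name merely begins with the same characters still passes the test. I would write `$url = $params['url'] ?? '';` followed by `$url = str_starts_with($url, rtrim($base_url, '/') . '/') ? $url : $child->url();`, with a one-line comment such as `// Only redirect within this site; otherwise show the new child.` The handler body starts outside the hunk, so how `$params` is built and whether `base_url` can be null should be confirmed there.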
