authorGreg Roach <greg@subaqua.co.uk>2021-09-29 08:41:15 +0100
committerGreg Roach <greg@subaqua.co.uk>2021-09-29 08:59:30 +0100
commit551ad4afbcef2a72a6cf6461f1747762180b12c5 (patch)
tree026d0fa08aa4d7947e4a8aa5442573ce48c7a1e2 /app/Http/RequestHandlers/LoginAction.php
parente3ca0f87ab6e0eb7a88247dc2eefbb0b38263391 (diff)
Fix: unvalidated redirect
Diffstat (limited to 'app/Http/RequestHandlers/LoginAction.php')
-rw-r--r--app/Http/RequestHandlers/LoginAction.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/app/Http/RequestHandlers/LoginAction.php b/app/Http/RequestHandlers/LoginAction.php
index fb4d823bdf..a3a9541210 100644
--- a/app/Http/RequestHandlers/LoginAction.php
+++ b/app/Http/RequestHandlers/LoginAction.php
@@ -82,7 +82,8 @@ class LoginAction implements RequestHandlerInterface
}
// Redirect to the target URL
- $url = $url ?: route(HomePage::class);
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($url, $base_url) ? $url : route(HomePage::class);
return redirect($url);
} catch (Exception $ex) {
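Review bot: The prefix test on the added `str_starts_with($url, $base_url)` line does not pin the host. If `base_url` has no trailing slash (not visible here), a URL whose authority merely begins with the same characters as the base URL still passes, and the redirect leaves the site. Anchoring the match at a path boundary closes this: `$url = ($url === $base_url || str_starts_with($url, rtrim($base_url, '/') . '/')) ? $url : route(HomePage::class);`. It is also worth confirming that `$url` and the `base_url` attribute are always strings here, since a null would raise a TypeError or a deprecation notice (depending on `strict_types`) instead of falling back to the home page. The enclosing method begins and ends outside the hunk, so how `$url` is read from the request cannot be checked from here.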