| author | Greg Roach <greg@subaqua.co.uk> | 2021-09-29 08:41:15 +0100 |
|---|---|---|
| committer | Greg Roach <greg@subaqua.co.uk> | 2021-09-29 08:59:30 +0100 |
| commit | 551ad4afbcef2a72a6cf6461f1747762180b12c5 (patch) | |
| tree | 026d0fa08aa4d7947e4a8aa5442573ce48c7a1e2 /app/Http/RequestHandlers/LoginAction.php | |
| parent | e3ca0f87ab6e0eb7a88247dc2eefbb0b38263391 (diff) | |
Fix: unvalidated redirect
Diffstat (limited to 'app/Http/RequestHandlers/LoginAction.php')
| -rw-r--r-- | app/Http/RequestHandlers/LoginAction.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/Http/RequestHandlers/LoginAction.php b/app/Http/RequestHandlers/LoginAction.php
index fb4d823bdf..a3a9541210 100644
--- a/app/Http/RequestHandlers/LoginAction.php
+++ b/app/Http/RequestHandlers/LoginAction.php
@@ -82,7 +82,8 @@ class LoginAction implements RequestHandlerInterface
 }
 // Redirect to the target URL
- $url = $url ?: route(HomePage::class);
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($url, $base_url) ? $url : route(HomePage::class);
 return redirect($url);
 } catch (Exception $ex) { |
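Review bot: The new check `str_starts_with($url, $base_url)` is a plain string-prefix test and does not stop at a URL boundary. If the `base_url` attribute has no trailing slash (its format is not visible in this hunk), a target whose host merely begins with the same characters, for example a constructed `https://site.example.attacker.test/` against a base of `https://site.example`, would still pass and be redirected to. The attribute is also used without a type or emptiness check, and an empty string is a prefix of every URL, which would let any target through. Anchoring the comparison on a separator closes both gaps: `$base_url = rtrim((string) $request->getAttribute('base_url'), '/') . '/';`, keeping the `str_starts_with` line as is, plus a guard that falls back to `route(HomePage::class)` when the attribute is missing. The enclosing method begins and ends outside this hunk, so any earlier normalisation of `$url` cannot be seen from here.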
