X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Ffront%2Fcontroller%2Fvisitor%2FShaarliVisitorController.php;h=54f9fe03fc5bd4c506b04c7cfaae02b8afea0ee5;hb=3adbdc2a83e6b77a4ca62094c5d857524e39d211;hp=cd27455bbf8d8810054e469fd564f89804c4c959;hpb=e2dff28b44fafcf11a1db7985c50cd40e6945821;p=github%2Fshaarli%2FShaarli.git

diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php
index cd27455b..54f9fe03 100644
--- a/application/front/controller/visitor/ShaarliVisitorController.php
+++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -106,6 +106,7 @@ abstract class ShaarliVisitorController
             'target' => $template,
             'loggedin' => $this->container->loginManager->isLoggedIn(),
             'basePath' => $this->container->basePath,
+            'rootPath' => preg_replace('#/index\.php$#', '', $this->container->basePath),
             'bookmarkService' => $this->container->bookmarkService
         ];
     }
@@ -142,6 +143,13 @@ abstract class ShaarliVisitorController
 
         if (null !== $referer) {
             $currentUrl = parse_url($referer);
+            // If the referer is not related to Shaarli instance, redirect to default
+            if (isset($currentUrl['host'])
+                && strpos(index_url($this->container->environment), $currentUrl['host']) === false
+            ) {
+                return $response->withRedirect($defaultPath);
+            }
+
             parse_str($currentUrl['query'] ?? '', $params);
             $path = $currentUrl['path'] ?? $defaultPath;
         } else {