Fix invalid redirection using the path of an external domain

Fixes #1554
author: ArthurHoaro <arthur@hoa.ro> 2020-09-22 15:17:13 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2020-09-22 15:37:26 +0200
commit: abe033be855f76fde9e8576ce36460fbb23b1e57 (patch)
tree: eefc804a0cb8c0497a03c954667fd3e75598d0aa /application/front/controller/visitor/ShaarliVisitorController.php
parent: 5baafe5001ef2fbe88d3fcdcc225ec12edd3fef1 (diff)
download: Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.tar.gz
Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.tar.zst
Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php
index cd27455b..55c075a2 100644
--- a/application/front/controller/visitor/ShaarliVisitorController.php
+++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -142,6 +142,13 @@ abstract class ShaarliVisitorController
        if (null !== $referer) {
            $currentUrl = parse_url($referer);
+            // If the referer is not related to Shaarli instance, redirect to default
+            if (isset($currentUrl['host'])
+                && strpos(index_url($this->container->environment), $currentUrl['host']) === false
+            ) {
+                return $response->withRedirect($defaultPath);
+            }
            parse_str($currentUrl['query'] ?? '', $params);
            $path = $currentUrl['path'] ?? $defaultPath;
        } else {
author	ArthurHoaro <arthur@hoa.ro>	2020-09-22 15:17:13 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2020-09-22 15:37:26 +0200
commit	abe033be855f76fde9e8576ce36460fbb23b1e57 (patch)
tree	eefc804a0cb8c0497a03c954667fd3e75598d0aa /application/front/controller/visitor/ShaarliVisitorController.php
parent	5baafe5001ef2fbe88d3fcdcc225ec12edd3fef1 (diff)
download	Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.tar.gz Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.tar.zst Shaarli-abe033be855f76fde9e8576ce36460fbb23b1e57.zip

diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php index cd27455b..55c075a2 100644 --- a/application/front/controller/visitor/ShaarliVisitorController.php +++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -142,6 +142,13 @@ abstract class ShaarliVisitorController
142		142
143	if (null !== $referer) {	143	if (null !== $referer) {
144	$currentUrl = parse_url($referer);	144	$currentUrl = parse_url($referer);
		145	// If the referer is not related to Shaarli instance, redirect to default
		146	if (isset($currentUrl['host'])
		147	&& strpos(index_url($this->container->environment), $currentUrl['host']) === false
		148	) {
		149	return $response->withRedirect($defaultPath);
		150	}
		151
145	parse_str($currentUrl['query'] ?? '', $params);	152	parse_str($currentUrl['query'] ?? '', $params);
146	$path = $currentUrl['path'] ?? $defaultPath;	153	$path = $currentUrl['path'] ?? $defaultPath;
147	} else {	154	} else {