aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2020-09-25 10:59:51 +0200
committerGitHub <noreply@github.com>2020-09-25 10:59:51 +0200
commit585fc700fa711170df711990f51f226ecd831ef7 (patch)
treef98ac03d106b67b17d9bbc3803e76fb9f8b7297f /application
parent85b972baf67c61ebabf1ce332358e4dfd2456a4e (diff)
parentabe033be855f76fde9e8576ce36460fbb23b1e57 (diff)
downloadShaarli-585fc700fa711170df711990f51f226ecd831ef7.tar.gz
Shaarli-585fc700fa711170df711990f51f226ecd831ef7.tar.zst
Shaarli-585fc700fa711170df711990f51f226ecd831ef7.zip
Merge pull request #1560 from ArthurHoaro/fix/redirect-wrong-path
Fix invalid redirection using the path of an external domain
Diffstat (limited to 'application')
-rw-r--r--application/front/controller/visitor/ShaarliVisitorController.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php
index cd27455b..55c075a2 100644
--- a/application/front/controller/visitor/ShaarliVisitorController.php
+++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -142,6 +142,13 @@ abstract class ShaarliVisitorController
142 142
143 if (null !== $referer) { 143 if (null !== $referer) {
144 $currentUrl = parse_url($referer); 144 $currentUrl = parse_url($referer);
145 // If the referer is not related to Shaarli instance, redirect to default
146 if (isset($currentUrl['host'])
147 && strpos(index_url($this->container->environment), $currentUrl['host']) === false
148 ) {
149 return $response->withRedirect($defaultPath);
150 }
151
145 parse_str($currentUrl['query'] ?? '', $params); 152 parse_str($currentUrl['query'] ?? '', $params);
146 $path = $currentUrl['path'] ?? $defaultPath; 153 $path = $currentUrl['path'] ?? $defaultPath;
147 } else { 154 } else {