#11242 Ensure that the source parameter can't include a subdomain redirect

asmecher · asmecher · commit 8656f3c782d9 · 2025-04-08T07:57:39.000-07:00
diff --git a/pages/login/LoginHandler.inc.php b/pages/login/LoginHandler.inc.php
@@ -143,7 +143,7 @@ function signOut($args, $request) {
 
 		$source = str_replace('@', '', $request->getUserVar('source'));
 		if (isset($source) && !empty($source)) {
-			$request->redirectUrl($request->getProtocol() . '://' . $request->getServerHost() . $source, false);
+			$request->redirectUrl($request->getProtocol() . '://' . $request->getServerHost() . '/' . $source, false);
 		} else {
 			$request->redirect(null, $request->getRequestedPage());
 		}

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ function signOut($args, $request) {`
`143`	`143`
`144`	`144`	`$source = str_replace('@', '', $request->getUserVar('source'));`
`145`	`145`	`if (isset($source) && !empty($source)) {`
`146`		`- $request->redirectUrl($request->getProtocol() . '://' . $request->getServerHost() . $source, false);`
	`146`	`+ $request->redirectUrl($request->getProtocol() . '://' . $request->getServerHost() . '/' . $source, false);`
`147`	`147`	`} else {`
`148`	`148`	`$request->redirect(null, $request->getRequestedPage());`
`149`	`149`	`}`