Skip to content

Commit

Permalink
Login: add some validation to prior route processing
Browse files Browse the repository at this point in the history 
xibosignage/xibo#3556
  • Loading branch information
@dasgarner
dasgarner committed Dec 23, 2024
1 parent 91f796d commit 7c2c4c3
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion lib/Controller/Login.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -650,6 +650,13 @@ private function completeLoginFlow(User $user, Request $request): void
]);
}

/**
* Get a redirect link from the given request and prior route
* validate the prior route by only taking its path
* @param \Slim\Http\ServerRequest $request
* @param string|null $priorRoute
* @return string
*/
private function getRedirect(Request $request, ?string $priorRoute): string
{
$home = $this->urlFor($request, 'home');
Expand All @@ -671,7 +678,7 @@ private function getRedirect(Request $request, ?string $priorRoute): string
} else {
$redirectTo = $priorRoute;
}

return $redirectTo;
}
}

0 comments on commit 7c2c4c3

Please sign in to comment.