From 7c2c4c3e28b152390b824b36d897eaf70b04a2fb Mon Sep 17 00:00:00 2001
From: Dan Garner
Date: Mon, 23 Dec 2024 15:46:57 +0000
Subject: [PATCH] Login: add some validation to prior route processing xibosignage/xibo#3556
---
 lib/Controller/Login.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/Controller/Login.php b/lib/Controller/Login.php
index aff4c6c996..e16fbaf61e 100644
--- a/lib/Controller/Login.php
+++ b/lib/Controller/Login.php
@@ -650,6 +650,13 @@ private function completeLoginFlow(User $user, Request $request): void
 ]);
 }
 
+ /**
+ * Get a redirect link from the given request and prior route
+ * validate the prior route by only taking its path
+ * @param \Slim\Http\ServerRequest $request
+ * @param string|null $priorRoute
+ * @return string
+ */
 private function getRedirect(Request $request, ?string $priorRoute): string
 {
 $home = $this->urlFor($request, 'home');
@@ -671,7 +678,7 @@ private function getRedirect(Request $request, ?string $priorRoute): string
 } else {
 $redirectTo = $priorRoute;
 }
-
+
 return $redirectTo;
 }
 }
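Review bot: The new docblock on getRedirect() says the prior route is validated "by only taking its path", but the two hunks here add only that comment and a whitespace change (8 insertions, 1 deletion), and the `else` branch visible in the second hunk still hands the value back unchanged through `$redirectTo = $priorRoute;`. The middle of the function lies outside both hunks, so the path reduction may already exist there; if it does not, and the prior route can be influenced by the request, the post-login redirect is an open-redirect risk and the comment gives false assurance. I would confirm that the value is reduced with something like `$priorRoute = parse_url($priorRoute, PHP_URL_PATH);` and that a result that is empty, starts with `//` or contains a backslash falls back to `$home`. A regression test feeding an absolute URL and a scheme-relative prior route would pin the behaviour the commit title promises.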