avoid open redirect vulnerability with return_url login helper

2023-06-28 16:56:04 +01:00
parent ef4e3f5181
commit a2da6a7a04
1 changed files with 2 additions and 1 deletions
--- a/lib/App/Netdisco/Web/AuthN.pm
+++ b/lib/App/Netdisco/Web/AuthN.pm
@@ -8,6 +8,7 @@ use Dancer::Plugin::Swagger;
 use App::Netdisco; # a safe noop but needed for standalone testing
 use App::Netdisco::Util::Web 'request_is_api';
 use MIME::Base64;
+use URI::Based;

 # ensure that regardless of where the user is redirected, we have a link
 # back to the page they requested.
@@ -162,7 +163,7 @@ post '/login' => sub {
            return to_json { api_key => $user->token };
        }

-        redirect param('return_url');
+        redirect ((scalar URI::Based->new(param('return_url'))->path_query) || '/');
    }
    else {
        # invalidate session cookie