dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Append URL test (#1532)

Browse Source
This commit is contained in:
Christophe Maudoux 2018-10-29 22:10:49 +01:00
parent badc7a0cad
commit 52a7f884f6
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm
View File

@ -204,7 +204,9 @@ sub _buildAuthLoop {
# Default URL
if ( defined $url
and not $self->checkXSSAttack( 'URI',
$req->env->{'REQUEST_URI'} ) )
$req->env->{'REQUEST_URI'} )
and $url =~ m%^(https?://)?[^\s/$.?#].[^\s]*$%
)
{
$url .= $req->env->{'REQUEST_URI'};
$req->{cspFormAction} .= " $url";