Skip to content

Commit

Permalink
Fix redundant urldecode()
Browse files Browse the repository at this point in the history 
#6822 (comment)
  • Loading branch information
@soudis
soudis authored Dec 18, 2018
1 parent a374d88 commit 7b4cfa9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/Controller/LoginController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ private function setPasswordResetParameters(
*/
private function generateRedirect($redirectUrl) {
if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
$location = $this->urlGenerator->getAbsoluteURL($redirectUrl);
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:[email protected]
if (strpos($location, '@') === false) {
Expand Down

1 comment on commit 7b4cfa9

@soudis
Copy link
Author

@soudis soudis commented on 7b4cfa9 Dec 19, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Signed-off-by: Florian Humer [email protected]

Please sign in to comment.