fix: prevent malicious url in unsupported browser redirect

Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
John Molakvoæ 2023-05-11 08:56:15 +02:00
parent f1bfd7fd48
commit d8392fc62f
No known key found for this signature in database
GPG key ID: 60C25B8C072916CF
3 changed files with 7 additions and 5 deletions


@ -141,8 +141,10 @@ export default {
const urlParams = new URLSearchParams(window.location.search)
if (urlParams.has('redirect_url')) {
const redirectPath = Buffer.from(urlParams.get('redirect_url'), 'base64').toString() || '/'
window.location = redirectPath
return
if (redirectPath.startsWith('/')) {
window.location = generateUrl(redirectPath)
return
}
}
window.location = generateUrl('/')
},
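Review bot: The `redirectPath.startsWith('/')` guard also accepts values that begin with `//` or `/\`, which browsers resolve as a scheme-relative reference to a different host. Whether such a value can still leave the site depends on what `generateUrl` prepends, which is not visible in this hunk; if it can return the path without a non-empty prefix, the redirect would not be confined to this origin. Consider tightening the condition to `if (redirectPath.startsWith('/') && !/^\/[\/\\]/.test(redirectPath)) {`, or resolving the final target with `new URL(target, window.location.origin)` and comparing its `origin` to `window.location.origin` before assigning. The enclosing method starts before this hunk.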

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long