From 2e3877f77020bd669d510672303eda4931989629 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Sat, 2 Oct 2021 12:50:21 +0200
Subject: [PATCH] Refuse unsecure redirect urls

---
 app/Support/Http/Controllers/UserNavigation.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/app/Support/Http/Controllers/UserNavigation.php b/app/Support/Http/Controllers/UserNavigation.php
index 28428810b4..3b0eafaabb 100644
--- a/app/Support/Http/Controllers/UserNavigation.php
+++ b/app/Support/Http/Controllers/UserNavigation.php
@@ -176,11 +176,24 @@ trait UserNavigation
         /** @var ViewErrorBag|null $errors */
         $errors = session()->get('errors');
         $forbidden = ['json', 'debug'];
-        if ((null === $errors || (0 === $errors->count())) && !Str::contains($return, $forbidden)) {
+
+        // get default host:
+        $default = parse_url(route('index'), PHP_URL_HOST);
+
+        // get host of previous URL:
+        $previous = parse_url($return, PHP_URL_HOST);
+
+        if ($default === $previous && (null === $errors || (0 === $errors->count())) && !Str::contains($return, $forbidden)) {
             Log::debug(sprintf('Saving URL %s under key %s', $return, $identifier));
             session()->put($identifier, $return);
+
+            return $return;
         }
 
+        // if no match, save default URL:
+        Log::info(sprintf('Refuse to set "%s" as redirect, set default route instead.', $return));
+        session()->put($identifier, route('index'));
+
         return $return;
     }
 }
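Review bot: The refusal branch still hands the rejected URL back to the caller: after the new `Log::info(...)` and `session()->put($identifier, route('index'))`, the unchanged `return $return;` at the bottom of the hunk returns the off-site URL, so any caller that redirects to this method's return value instead of reading the session key bypasses the check entirely; the fall-through should be `return route('index');` so both the stored and the returned value agree. The host check also compares only `PHP_URL_HOST`, which is null for a path-only `$return` such as `/accounts/show/1` (a safe, same-origin value that would now be refused whenever `$default` is non-null) and ignores scheme and port, so an `http://` URL for the same host passes on an `https` deployment; if path-only values are expected, allow `null === $previous`, and consider checking scheme as well or simply requiring `Str::startsWith($return, url('/'))`. Where `$return` is read from (request input vs. `url()->previous()`) is outside this hunk, as is the start of the enclosing method, so how much of this is reachable from an attacker-controlled value should be confirmed against the caller.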