yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix incorrect redirectUrl check with external authentication (#14198) (#14423)

Browse Source 
* Fix check local redirect url

* Removed line break

* Small adjustment

---------

Co-authored-by: Laura Neto <12862535+lauraneto@users.noreply.github.com>
This commit is contained in:
Johan Runsten
2023-07-29 17:47:43 +02:00
committed by GitHub
parent dc94797784
commit 71d990504e
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
View File

@@ -329,7 +329,9 @@ public class BackOfficeController : UmbracoController
[AllowAnonymous]
public ActionResult ExternalLogin(string provider, string? redirectUrl = null)
{
if (redirectUrl == null || Uri.TryCreate(redirectUrl, UriKind.Absolute, out _))
// Only relative urls are accepted as redirect url
// We can't simply use Uri.TryCreate with kind Absolute, as in Linux any relative url would be seen as an absolute file uri
if (redirectUrl == null || !Uri.TryCreate(redirectUrl, UriKind.RelativeOrAbsolute, out Uri? redirectUri) || redirectUri.IsAbsoluteUri)
{
redirectUrl = Url.Action(nameof(Default), this.GetControllerName());
}