From c64d26a292d7832c2b70f17063e4bc6d73d87ec2 Mon Sep 17 00:00:00 2001
From: Luc Didry
Date: Fri, 26 Oct 2018 17:34:50 +0200
Subject: [PATCH] Fix header injection and open redirects from referrer header
---
 lib/Lufi/Controller/Misc.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/Lufi/Controller/Misc.pm b/lib/Lufi/Controller/Misc.pm
index 146dbd8..f891d9e 100644
--- a/lib/Lufi/Controller/Misc.pm
+++ b/lib/Lufi/Controller/Misc.pm
@@ -2,6 +2,7 @@ package Lufi::Controller::Misc;
 use Mojo::Base 'Mojolicious::Controller';
 use Mojo::File;
+use Mojo::URL;
 use Lufi::DB::File;
 sub index {
@@ -21,7 +22,8 @@ sub change_lang {
 $c->cookie($c->app->moniker.'_lang' => $l, { path => $c->config('prefix') });
 }
- if ($c->req->headers->referrer) {
+ if ($c->req->headers->referrer
+ && Mojo::URL->new($c->req->headers->referrer)->host eq $c->req->url->host) {
 return $c->redirect_to($c->req->headers->referrer);
 } else {
 return $c->redirect_to('/');
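Review bot: The right-hand side of the new `eq` in change_lang compares against `$c->req->url->host`, which in Mojolicious is normally unset for an ordinary request (the Host header lives on `->base`), so the same-host check is likely comparing the referrer's host against undef and rejecting every absolute referrer, while a referrer whose host is also undef would pass as `'' eq ''` under an uninitialized-value warning — please confirm against the request objects Lufi actually sees behind its proxy. Comparing against `$c->req->url->to_abs->host` and defaulting both sides avoids both outcomes, e.g. `my $referrer = $c->req->headers->referrer;` followed by `if ($referrer && (Mojo::URL->new($referrer)->host // '') eq ($c->req->url->to_abs->host // '')) {`, which also stops reading the header three times. Note the check matches host only, not scheme or port, which is acceptable for an open-redirect guard but worth a one-line comment such as `# only redirect back to our own host; anything else falls through to '/'`. The body of change_lang starts before this hunk and its closing braces are after it.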