Fix header injection and open redirects from referrer header
parent
72404aaf99
commit
c64d26a292
|
@ -2,6 +2,7 @@
|
||||||
package Lufi::Controller::Misc;
|
package Lufi::Controller::Misc;
|
||||||
use Mojo::Base 'Mojolicious::Controller';
|
use Mojo::Base 'Mojolicious::Controller';
|
||||||
use Mojo::File;
|
use Mojo::File;
|
||||||
|
use Mojo::URL;
|
||||||
use Lufi::DB::File;
|
use Lufi::DB::File;
|
||||||
|
|
||||||
sub index {
|
sub index {
|
||||||
|
@ -21,7 +22,8 @@ sub change_lang {
|
||||||
$c->cookie($c->app->moniker.'_lang' => $l, { path => $c->config('prefix') });
|
$c->cookie($c->app->moniker.'_lang' => $l, { path => $c->config('prefix') });
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($c->req->headers->referrer) {
|
if ($c->req->headers->referrer
|
||||||
|
&& Mojo::URL->new($c->req->headers->referrer)->host eq $c->req->url->host) {
|
||||||
return $c->redirect_to($c->req->headers->referrer);
|
return $c->redirect_to($c->req->headers->referrer);
|
||||||
} else {
|
} else {
|
||||||
return $c->redirect_to('/');
|
return $c->redirect_to('/');
|
||||||
|
|
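Review bot: The new host check in change_lang compares the Referer host with `$c->req->url->host`, which in Mojolicious is normally undefined because the request URL carries only path and query while the host sits on its base URL (worth confirming against the deployed version). If so, an absolute same-site Referer never matches, while a Referer that parses with no host compares equal (undef eq undef) and is still passed to the redirect. Comparing against the absolute request URL and requiring a defined host would close both cases: `my $ref = Mojo::URL->new($c->req->headers->referrer // '');` followed by `if (defined $ref->host && $ref->host eq $c->req->url->to_abs->host) {`. The redirect itself still receives the raw header string rather than the value that was parsed and checked; `return $c->redirect_to($ref->to_string);` keeps the validated and the emitted value the same. change_lang starts before and ends after this hunk, so the rest of the sub is not visible here.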