Fix for user reported CVE path-based open redirect

Andy Miller
2020-03-18 17:32:46 -06:00
parent 6f2be2a2d2
commit 2eae104c7a
2 changed files with 5 additions and 1 deletions


@@ -316,7 +316,10 @@ class Grav extends Container
/** @var Uri $uri */
$uri = $this['uri'];
//Check for code in route
// Clean route for redirect
$route = preg_replace("#^\/[\\\/]+\/#", '/', $route);
// Check for code in route
$regex = '/.*(\[(30[1-7])\])$/';
preg_match($regex, $route, $matches);
if ($matches) {
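Review bot: The pattern on the new `preg_replace` line only matches a leading `/`, then one or more `/` or `\`, then a further `/`, so a route that begins with exactly two separator characters passes through unchanged and the open-redirect cleanup is incomplete. Collapsing any leading run of separators covers that case and is easier to read in single quotes: `$route = preg_replace('#^[\\\\/]+#', '/', $route);`. `preg_replace` returns null on a PCRE error, so it is worth confirming that the code below tolerates a null `$route`. The enclosing method starts and ends outside this hunk, so how `$route` is used after the status-code match is not visible here.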