Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/LoginController.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 13aef8f67ab..6446941ff9c 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -253,7 +253,7 @@ class LoginController extends Controller {
 private function generateRedirect(?string $redirectUrl): RedirectResponse {
 if ($redirectUrl !== null && $this->userSession->isLoggedIn()) {
- $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
+ $location = $this->urlGenerator->getAbsoluteURL($redirectUrl);
 // Deny the redirect if the URL contains a @
 // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
 if (strpos($location, '@') === false) { |
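Review bot: The `strpos($location, '@') === false` guard just below the changed line is the only validation of `$redirectUrl` visible here, and it is a single-character denylist that now runs on the undecoded string. With `urldecode()` removed, a percent-encoded `%40` reaches `getAbsoluteURL()` unchanged and passes the guard, so it is worth confirming, with a unit test, that neither `getAbsoluteURL()` nor `RedirectResponse` decodes it later. A sturdier check would compare `parse_url($location, PHP_URL_HOST)` against the instance's own host rather than searching for `@`. I would also add a comment on the changed line, e.g. `// $redirectUrl arrives already decoded from the request; do not decode it a second time`, if that is indeed the reason for the change. `generateRedirect()` continues past the end of the hunk, so the fall-through path is not visible here.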