From 1a874b4c56af0ef4ef20c37a2b5d348551759ff9 Mon Sep 17 00:00:00 2001
From: Michiel de Jong <michiel@unhosted.org>
Date: Fri, 18 May 2012 15:32:41 +0200
Subject: make redirect safe by restricting it to current host

---
 index.php    | 2 +-
 lib/util.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index 8eea0fe454f..94b9def0b41 100644
--- a/index.php
+++ b/index.php
@@ -117,6 +117,6 @@ elseif(OC_User::isLoggedIn()) {
 	if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
 		$sectoken=rand(1000000,9999999);
 		$_SESSION['sectoken']=$sectoken;
-		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $_SERVER['REQUEST_URI']));
+		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => substr($_SERVER['REQUEST_URI'], 1)));
 	}
 }
diff --git a/lib/util.php b/lib/util.php
index 0e4f3689e79..d2dd28b7da8 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -312,7 +312,7 @@ class OC_Util {
 	*/
 	public static function redirectToDefaultPage(){
 		if(isset($_REQUEST['redirect_url'])) {
-			header( 'Location: '.$_REQUEST['redirect_url']);
+			header( 'Location: /'.$_REQUEST['redirect_url']);
 		} else {
 			header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
 		}
-- 
cgit v1.2.3