Fix open redirect in templates share link controller

The redir parameter was passed directly to redirect_to without any validation, allowing redirects to arbitrary external URLs. Only allow relative paths (starting with /) to prevent abuse.
2 months ago · e295b17728
parent 744d45d2c5
commit e295b17728
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/templates_share_link_controller.rb
+++ b/app/controllers/templates_share_link_controller.rb
@ -10,7 +10,7 @@ class TemplatesShareLinkController < ApplicationController

    @template.update!(template_params)

-    if params[:redir].present?
+    if params[:redir].present? && params[:redir].start_with?('/')
      redirect_to params[:redir]
    else
      head :ok