fix: prevent redirecting to an absolute URL after login

Signed-off-by: Julien Veyssier <[email protected]>

lib/Controller/LoginController.php

@@ -198,6 +198,18 @@ private function buildProtocolErrorResponse(?bool $throttle = null): TemplateRes
 		return $this->buildFailureTemplateResponse('', 'error', $params, Http::STATUS_NOT_FOUND, $throttleMetadata, $throttle);
 	}
 
+	/**
+	 * @param string|null $redirectUrl
+	 * @return RedirectResponse
+	 */
+	private function getRedirectResponse(?string $redirectUrl = null): RedirectResponse {
+		return new RedirectResponse(
+			$redirectUrl === null
+				? null
+				: preg_replace('/^https?:\/\//', '', $redirectUrl)
+		);
+	}
+
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
@@ -210,7 +222,7 @@ private function buildProtocolErrorResponse(?bool $throttle = null): TemplateRes
 	 */
 	public function login(int $providerId, ?string $redirectUrl = null) {
 		if ($this->userSession->isLoggedIn()) {
-			return new RedirectResponse($redirectUrl);
+			return $this->getRedirectResponse($redirectUrl);
 		}
 		if (!$this->isSecure()) {
 			return $this->buildProtocolErrorResponse();
@@ -602,7 +614,7 @@ public function code(string $state = '', string $code = '', string $scope = '',
 
 		$redirectUrl = $this->session->get(self::REDIRECT_AFTER_LOGIN);
 		if ($redirectUrl) {
-			return new RedirectResponse($redirectUrl);
+			return $this->getRedirectResponse($redirectUrl);
 		}
 
 		return new RedirectResponse(\OC_Util::getDefaultPageUrl());