From 4038f1274407586802a3fdb5d1373b8d5598ae5e Mon Sep 17 00:00:00 2001
From: Julien Veyssier
Date: Mon, 23 Sep 2024 15:13:23 +0200
Subject: [PATCH] fix: prevent redirecting to an absolute URL after login

Signed-off-by: Julien Veyssier
---
 lib/Controller/LoginController.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
index 75ffbc3b..2739c497 100644
--- a/lib/Controller/LoginController.php
+++ b/lib/Controller/LoginController.php
@@ -198,6 +198,18 @@ private function buildProtocolErrorResponse(?bool $throttle = null): TemplateRes
 		return $this->buildFailureTemplateResponse('', 'error', $params, Http::STATUS_NOT_FOUND, $throttleMetadata, $throttle);
 	}
 
+	/**
+	 * @param string|null $redirectUrl
+	 * @return RedirectResponse
+	 */
+	private function getRedirectResponse(?string $redirectUrl = null): RedirectResponse {
+		return new RedirectResponse(
+			$redirectUrl === null
+				? null
+				: preg_replace('/^https?:\/\//', '', $redirectUrl)
+		);
+	}
+
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
@@ -210,7 +222,7 @@ private function buildProtocolErrorResponse(?bool $throttle = null): TemplateRes
 	 */
 	public function login(int $providerId, ?string $redirectUrl = null) {
 		if ($this->userSession->isLoggedIn()) {
-			return new RedirectResponse($redirectUrl);
+			return $this->getRedirectResponse($redirectUrl);
 		}
 		if (!$this->isSecure()) {
 			return $this->buildProtocolErrorResponse();
@@ -602,7 +614,7 @@ public function code(string $state = '', string $code = '', string $scope = '',
 
 		$redirectUrl = $this->session->get(self::REDIRECT_AFTER_LOGIN);
 		if ($redirectUrl) {
-			return new RedirectResponse($redirectUrl);
+			return $this->getRedirectResponse($redirectUrl);
 		}
 		return new RedirectResponse(\OC_Util::getDefaultPageUrl());
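Review bot: The scheme stripping in the new getRedirectResponse still lets an off-site target through: `preg_replace('/^https?:\/\//', '', $redirectUrl)` removes only a lowercase `http://` or `https://` prefix, so a scheme-relative `//host/path` (which browsers resolve as an absolute URL), a `/\host` form, or an upper-case `HTTP://host` reach RedirectResponse unchanged and the absolute-URL redirect the commit sets out to prevent is still reachable. Stripping the scheme also turns a rejected absolute URL into a path-relative redirect (`https://host/x` becomes `host/x`, resolved against the current request path) instead of refusing it, which is surprising for the user and awkward to audit. A deny-by-default check is simpler to reason about: accept only a relative path that starts with exactly one `/` and otherwise fall back to `\OC_Util::getDefaultPageUrl()` as the `code()` hunk already does for a missing URL; that also removes the `null` argument to RedirectResponse, which presumably expects a string (its signature is not visible here). The docblock only restates the native types; a line such as `Only same-origin relative paths are passed through; anything else falls back to the default page.` would document the contract.
```php
private function getRedirectResponse(?string $redirectUrl = null): RedirectResponse {
	// Allow only a same-origin relative path: exactly one leading slash, so the
	// scheme-relative '//host' and '/\host' forms are rejected together with
	// absolute URLs of any scheme. Anything else goes to the default page.
	if ($redirectUrl === null || preg_match('#^/(?![/\\\\])#', $redirectUrl) !== 1) {
		$redirectUrl = \OC_Util::getDefaultPageUrl();
	}
	return new RedirectResponse($redirectUrl);
}
```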
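Review bot: The logged-in short-circuit in login() is the one caller that can hand a `null` `$redirectUrl` to the helper, since the `code()` hunk guards its call with `if ($redirectUrl)`; the helper then builds `new RedirectResponse(null)`, which is either a TypeError if RedirectResponse's parameter is a plain string (not visible here) or a redirect with an empty Location. Falling back to the default page at the call site, `return $this->getRedirectResponse($redirectUrl ?? \OC_Util::getDefaultPageUrl());`, keeps this branch consistent with the fallback used in `code()`. login()'s body continues outside the hunk.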