From 3c2f32ec8dd1fb0da72e677b40163527fdaec7da Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Mon, 3 Jul 2023 09:56:45 +0200
Subject: [PATCH] login - use parse_url to validate if the provided redirect string is actually parseable to prevent redirect. looks like https://github.com/opnsense/core/issues/4061 was incomplete

---
 src/etc/inc/authgui.inc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc
index f2cc06711..e3a422be3 100644
--- a/src/etc/inc/authgui.inc
+++ b/src/etc/inc/authgui.inc
@@ -187,14 +187,12 @@ function session_auth()
 }
 if (!empty($_GET['url'])) {
 $tmp_url_parts = parse_url($_GET['url']);
- if (!empty($tmp_url_parts['host'])) {
+ if ($tmp_url_parts !== false) {
 $redir_uri = $tmp_url_parts['path'];
 $redir_uri .= !empty($tmp_url_parts['query']) ? "?" . $tmp_url_parts['query'] : "";
 $redir_uri .= !empty($tmp_url_parts['fragment']) ? "#" . $tmp_url_parts['fragment'] : "";
- } else {
- $redir_uri = $_GET['url'];
+ header(url_safe("Location: {$redir_uri}"));
 }
- header(url_safe("Location: {$redir_uri}"));
 } elseif (!empty($_SESSION['user_shouldChangePassword'])) {
 header("Location: system_usermanager_passwordmg.php");
 } else {
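Review bot: The new guard `if ($tmp_url_parts !== false)` only proves that parse_url() did not fail, yet the next line reads `$tmp_url_parts['path']` unconditionally; parse_url() omits the `path` key for inputs such as a bare query string or a scheme-plus-host with no path, so this emits an undefined-index warning and sends a `Location:` built from an empty path. The check should also require a usable path, e.g. `if ($tmp_url_parts !== false && !empty($tmp_url_parts['path'])) {`. Rebuilding the target from path/query/fragment alone is the right direction, but a path value is still attacker-chosen text: it is worth additionally requiring it to begin with a single `/` not followed by `/` or `\`, since browsers treat such prefixes as scheme-relative, e.g. `&& preg_match('#^/(?![/\\\\])#', $tmp_url_parts['path'])`. Note that with this change an unparseable `url` now silently falls through with no redirect at all, which differs from the old behaviour and is worth a one-line comment such as `// unparseable redirect target: ignore it and fall through to the default landing page`; session_auth() and the behaviour of url_safe() continue outside the hunk, so that fall-through should be confirmed against the rest of the function.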