Default templates: Fixed syntax for php8.0, added test
[bookstack] / app / Http / Controller.php
index 6e81dfd65738942ee30cdb542fe9775360c6a8a1..8facf5dab3c3331d1538b373b68b269d6c6f53b4 100644 (file)
@@ -9,6 +9,8 @@ use BookStack\Facades\Activity;
 use Illuminate\Foundation\Bus\DispatchesJobs;
 use Illuminate\Foundation\Validation\ValidatesRequests;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
 use Illuminate\Routing\Controller as BaseController;
 
 abstract class Controller extends BaseController
@@ -165,4 +167,20 @@ abstract class Controller extends BaseController
     {
         return ['image_extension', 'mimes:jpeg,png,gif,webp', 'max:' . (config('app.upload_limit') * 1000)];
     }
+
+    /**
+     * Redirect to the URL provided in the request as a '_return' parameter.
+     * Will check that the parameter leads to a URL under the root path of the system.
+     */
+    protected function redirectToRequest(Request $request): RedirectResponse
+    {
+        $basePath = url('/');
+        $returnUrl = $request->input('_return') ?? $basePath;
+
+        if (!str_starts_with($returnUrl, $basePath)) {
+            return redirect($basePath);
+        }
+
+        return redirect($returnUrl);
+    }
 }
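Review bot: The check `str_starts_with($returnUrl, $basePath)` in redirectToRequest has no boundary after the base URL, so it does not actually confine `_return` to this application as the docblock promises. Laravel's `url('/')` normally returns the root without a trailing slash, so a URL on another host that merely begins with the same characters would pass the prefix test and be handed to `redirect()`. Anchor the comparison on the path separator: `$root = rtrim($basePath, '/');` followed by `if ($returnUrl !== $root && !str_starts_with($returnUrl, $root . '/')) {`. Separately, `$request->input('_return')` can be an array when the parameter is submitted in array form, which makes `str_starts_with` throw a TypeError, so an `is_string($returnUrl)` guard should fall back to `$basePath` first. The test named in the commit title is not visible on this page, so it is worth confirming that it covers a look-alike host and a non-string value.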