Commit

Merge pull request #4720 from stennie/signin
Improve sanity checking for signin "from" param
dominikwilkowski authored Jul 23, 2018
2 parents eb7c1bb + 27aa760 commit 6a651b7
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions admin/client/Signin/index.js
Expand Up @@ -10,9 +10,10 @@ import React from 'react';
import ReactDOM from 'react-dom';
import Signin from './Signin';

// Sanitize from param
const internalFromRegex = /^\/[^\/\\]\w+/;
const params = qs.parse(window.location.search.replace(/^\?/, ''));
const from = typeof params.from === 'string' && params.from.charAt(0) === '/'
? params.from : undefined;
const from = internalFromRegex.test(params.from) ? params.from : undefined;

ReactDOM.render(
<Signin
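
Review bot: The new `const from = internalFromRegex.test(params.from) ? params.from : undefined;` line drops the `typeof params.from === 'string'` guard that the replaced line had. `RegExp.prototype.test` coerces its argument to a string, so if `qs.parse` returns a non-string value for `from` (for example an array when the key is repeated), the coerced text can pass the test and the non-string value is kept as `from`. Suggest keeping the guard: `typeof params.from === 'string' && internalFromRegex.test(params.from)`. Separately, `internalFromRegex` is anchored only at the start, so it checks just the first three characters (a `/`, one character that is not `/` or `\`, then at least one word character) and leaves the rest of the value unvalidated; it also rejects `/` and paths whose first segment is a single character, such as `/a/b`, which the old check accepted. The `// Sanitize from param` comment should state what the pattern is meant to exclude (it appears to target values beginning `//` or `/\`), and a unit test listing accepted and rejected values would pin that behaviour down.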