From f4b31f0380a85d8ca6498e89c5c14bb26072b2fe Mon Sep 17 00:00:00 2001
From: Ian Bicking
Date: Fri, 30 Jun 2017 11:47:44 -0700
Subject: [PATCH] Fix #3073, validate URLs before redirect
---
 server/src/server.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/server/src/server.js b/server/src/server.js
index 8b6383de74..1b369e2635 100644
--- a/server/src/server.js
+++ b/server/src/server.js
@@ -462,6 +462,11 @@ app.post("/timing", function(req, res) {
 app.get("/redirect", function(req, res) {
 if (req.query.to) {
+ if (!validUrl.isWebUri(req.query.to)) {
+ mozlog.warn("redirect-to-bad-url", {msg: "?to is not a proper URL", url: req.query.to});
+ res.status(400).send("Bad ?to parameter");
+ return;
+ }
 let from = req.query.from;
 if (!from) {
 from = "shot-detail";
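Review bot: The new guard hands `req.query.to` to `validUrl.isWebUri` without first checking that it is a string. If this is Express with its default query parser, a repeated or bracketed `to` parameter arrives as an array or object, and how `isWebUri` treats such a value is not visible here. Writing the condition as `if (typeof req.query.to !== "string" || !validUrl.isWebUri(req.query.to)) {` would send those requests down the same 400 path. The check also constrains only scheme and syntax (http/https), so `/redirect` still forwards to any web host. If that is intended, a comment such as `// any http(s) target is allowed by design; isWebUri only rejects non-web schemes and malformed values` would record it. The handler continues past the end of the hunk, so how `to` is finally emitted cannot be judged from here.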