Utilities::redirect: Verify target URL type.

Merged into 1.6-branch from r2684. git-svn-id: https://simplesamlphp.googlecode.com/svn/branches/simplesamlphp-1.6@2686 44740490-163a-0410-bde0-09ae8108e29a

Utilities::redirect: Verify target URL type.
36dc3743 · Olav Morken · 79f61a53 · 36dc3743
Commit 36dc3743 authored 14 years ago by Olav Morken
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -694,6 +694,11 @@ class SimpleSAML_Utilities {
 			$url = self::selfURLhost() . $url;
 		}

+		/* Verify that the URL is to a http or https site. */
+		if (!preg_match('@^https?://@i', $url)) {
+			throw new SimpleSAML_Error_Exception('Redirect to invalid URL: ' . $url);
+		}
+
 		/* Determine which prefix we should put before the first
 		 * parameter.
 		 */