Utilities::redirect: Verify target URL type.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2684 44740490-163a-0410-bde0-09ae8108e29a

Utilities::redirect: Verify target URL type.
c8ac9827 · Olav Morken · a189f24b · c8ac9827
Commit c8ac9827 authored 14 years ago by Olav Morken
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -473,6 +473,11 @@ class SimpleSAML_Utilities {
 			$url = self::selfURLhost() . $url;
 		}

+		/* Verify that the URL is to a http or https site. */
+		if (!preg_match('@^https?://@i', $url)) {
+			throw new SimpleSAML_Error_Exception('Redirect to invalid URL: ' . $url);
+		}
+
 		/* Determine which prefix we should put before the first
 		 * parameter.
 		 */