lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix open redirect vulnerability in LoginPage

Browse Source 
Validate the ?next= query parameter to prevent open redirects to
external URLs. The parameter is validated to ensure it is a relative
path (starts with / but not //) before using it for navigation.
Invalid paths fall back to '/'.

This prevents attackers from crafting login links like /login?next=https://evil.com
that would transparently redirect authenticated users to malicious sites.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Lukas
2026-04-22 21:04:17 +02:00
parent a286ede49c
commit 0481810226
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
frontend/src/pages/LoginPage.tsx
View File

@@ -81,7 +81,8 @@ export function LoginPage(): React.JSX.Element {
const [error, setError] = useState<string | null>(null);
const [submitting, setSubmitting] = useState(false);
const nextPath = searchParams.get("next") ?? "/";
const next = searchParams.get("next") ?? "";
const safePath = /^\/(?!\/)/.test(next) ? next : "/";
function handlePasswordChange(ev: ChangeEvent<HTMLInputElement>): void {
setPassword(ev.target.value);
@@ -100,7 +101,7 @@ export function LoginPage(): React.JSX.Element {
try {
await login(password);
navigate(nextPath, { replace: true });
navigate(safePath, { replace: true });
} catch (err) {
if (err instanceof ApiError && err.status === 401) {
setError("Incorrect password. Please try again.");