-rw-r--r-- | app/login/controllers/login-controller.js | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/login/controllers/login-controller.js b/app/login/controllers/login-controller.js
index 7867a0c..350429b 100644
--- a/app/login/controllers/login-controller.js
+++ b/app/login/controllers/login-controller.js
@@ -40,7 +40,9 @@ window.angular && (function(angular) {
 if (status) {
 $scope.$emit('user-logged-in', {});
 var next = $location.search().next;
- if (next === undefined || next == null) {
+ // don't allow forwarding to non-local urls
+ if (next === undefined || next == null ||
+ next.indexOf('//') >= 0) {
 $window.location.hash = '#/overview/server';
 } else {
 $window.location.href = next; |
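Review bot: The added `next.indexOf('//') >= 0` test is a denylist, so a `next` value that names a scheme without `//` (for example `javascript:` or `data:`), or that uses a backslash where browsers accept a slash, still reaches `$window.location.href = next`. An allowlist is safer: accept only strings in the app's own path form, e.g. `if (typeof next !== 'string' || !/^#?\/(?![\/\\])/.test(next)) {`. The exact prefix depends on how callers build `next`, which is not visible in this hunk. The `typeof` test also covers the non-string values AngularJS's `$location.search()` can return, namely `true` for a bare `?next` and an array for a repeated key, where `indexOf` either throws or does not do a substring match. The enclosing callback starts and ends outside the hunk.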