diff options
| author | Michael Kröll <pepl@cpan.org> | 2008-12-02 00:01:00 +0100 |
|---|---|---|
| committer | Michael Kröll <pepl@cpan.org> | 2008-12-02 00:01:00 +0100 |
| commit | a7857445e3654bdc2d7968e31064349b92399cc7 (patch) | |
| tree | 4834da3b5518b6a25cfdda01ced806b5211ca76b /lib/PAUSE/OpenID/Controller/Root.pm | |
| parent | Merge branch 'master' of git@git.useperl.at:PAUSE-OpenID (diff) | |
| download | Simple-OpenID-a7857445e3654bdc2d7968e31064349b92399cc7.tar.gz Simple-OpenID-a7857445e3654bdc2d7968e31064349b92399cc7.tar.bz2 Simple-OpenID-a7857445e3654bdc2d7968e31064349b92399cc7.zip | |
Check for valid return_to url
Diffstat (limited to 'lib/PAUSE/OpenID/Controller/Root.pm')
| -rw-r--r-- | lib/PAUSE/OpenID/Controller/Root.pm | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/PAUSE/OpenID/Controller/Root.pm b/lib/PAUSE/OpenID/Controller/Root.pm index 6ffa03b..13f165f 100644 --- a/lib/PAUSE/OpenID/Controller/Root.pm +++ b/lib/PAUSE/OpenID/Controller/Root.pm @@ -5,6 +5,7 @@ use warnings; use parent 'Catalyst::Controller'; use LWP::UserAgent; +use Regexp::Common qw /URI/; # # Sets the actions in this controller to be registered with no prefix @@ -41,6 +42,10 @@ sub index :Path :Args(0) { #$c->flash->{xml} = '<document><error_message>Missing parameter</error_message></document>'; $c->res->redirect($c->uri_for('/error')); } + elsif ( $return_to !~ /$RE{URI}{HTTP}/ ) { #{'-scheme'=>'P'} + #$c->flash->{xml} = '<document><error_message>Invalid URI</error_message></document>'; + $c->res->redirect($c->uri_for('/error')); + } # TODO: generate XML programatically $c->stash->{xml} = sprintf('<document><config key="url" value="%s"/></document>', $c->config->{'PAUSE::OpenID'}{'baseurl'}); |