1 files changed, 5 insertions, 0 deletions

diff --git a/lib/PAUSE/OpenID/Controller/Root.pm b/lib/PAUSE/OpenID/Controller/Root.pm
index 6ffa03b..13f165f 100644
--- a/lib/PAUSE/OpenID/Controller/Root.pm
+++ b/lib/PAUSE/OpenID/Controller/Root.pm
@@ -5,6 +5,7 @@ use warnings;
 use parent 'Catalyst::Controller';
 
 use LWP::UserAgent;
+use Regexp::Common qw /URI/;
 
 #
 # Sets the actions in this controller to be registered with no prefix
@@ -41,6 +42,10 @@ sub index :Path :Args(0) {
         #$c->flash->{xml} = '<document><error_message>Missing parameter</error_message></document>';
         $c->res->redirect($c->uri_for('/error'));
     }
+    elsif ( $return_to !~ /$RE{URI}{HTTP}/ ) { #{'-scheme'=>'P'}
+        #$c->flash->{xml} = '<document><error_message>Invalid URI</error_message></document>';
+        $c->res->redirect($c->uri_for('/error'));
+    }
 
     # TODO: generate XML programatically
     $c->stash->{xml} = sprintf('<document><config key="url" value="%s"/></document>', $c->config->{'PAUSE::OpenID'}{'baseurl'});